TY - GEN
T1 - A Structured Approach to Log Design
T2 - 19th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2025
AU - Schmitt, Veronica
AU - Clarke, Nathan
AU - Ghita, Bogdan
AU - Van Niekerk, Johan
N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2026.
PY - 2025/10/30
Y1 - 2025/10/30
N2 - Logging is a critical yet often neglected aspect of software development, frequently implemented without adequate consideration for security, privacy, or compliance. This oversight can lead to vulnerabilities, hinder forensic investigations, and undermine regulatory obligations. This paper examines persistent deficiencies in logging practices using empirical data from a targeted developer survey, alongside analysis of OWASP Top 10 vulnerabilities and Common Weakness Enumeration (CWE) classifications. The findings reveal recurring issues, including the inadvertent exposure of sensitive data, failure to record security-critical events, and inconsistent or undocumented logging standards. Despite the central role of logs in debugging, monitoring, and incident response, many developers lack formal training and operate without clear guidelines, resulting in fragmented and insecure implementations. These insights highlight the need to treat logging as a core component of secure software development.
KW - Developer Survey
KW - Logging Design Culture
KW - Privacy in Logging
UR - https://www.scopus.com/pages/publications/105021821419
U2 - 10.1007/978-3-032-02504-3_25
DO - 10.1007/978-3-032-02504-3_25
M3 - Conference proceedings published in a book
AN - SCOPUS:105021821419
SN - 9783032025036
T3 - IFIP Advances in Information and Communication Technology
SP - 362
EP - 375
BT - Human Aspects of Information Security and Assurance - 19th IFIP WG 11.12 International Symposium, HAISA 2025, Proceedings
A2 - Furnell, Steven
A2 - Clarke, Nathan
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 7 July 2025 through 9 July 2025
ER -