Why Johnny doesn't write secure software? Secure software development by the masses

Project Details


Developing software is no longer the domain of the select few with deep technical skills, training and knowledge. A wide range of people from diverse backgrounds are developing software for smartphones, websites and IoT devices used by millions of people. Johnny is our pseudonym for such a developer. Currently, little is understood about the security behaviours and decision-making processes of Johnny when engaging in software development.

The overall aim of this EPSRC-funded project is to develop an empirically-grounded theory of secure software development by the masses. Our focus is on understanding:

- what typical classes of security vulnerabilities arise from Johnny's mistakes;
- why these mistakes occur; and
- how we may mitigate these issues and promote secure behaviours.

Effective start/end date: 1/10/18 to 31/12/21

Structured keywords

  • Cyber Security

