Promoting Developer Security: Creating a Lightweight Program of Assurance Techniques

Charles Weir, Lynne Blair, Ingolf Becker, Angela Sasse, James Noble, Awais Rashid

Research output: Contribution to conference, Conference Paper

Abstract

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team’s motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. They were then validated in fieldwork with a Participatory Action Research study that delivered the workshops to three development organizations. This approach has the potential to be applied by many development teams, improving the security of software worldwide.
Original language: English
Number of pages: 11
Publication status: Published - 31 May 2019
Event: ACM/IEEE International Conference on Software Engineering - Montreal, Canada
Duration: 25 May 2019 to 31 May 2019
Conference number: 41
https://2019.icse-conferences.org/

Conference

Conference: ACM/IEEE International Conference on Software Engineering
Abbreviated title: ICSE 2019
Country: Canada
City: Montreal
Period: 25/05/19 to 31/05/19
Structured keywords

  • Cyber Security
