
Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers

Weir, C; Becker, I; Noble, J; Blair, L; Sasse, MA; Rashid, A; (2019) Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers. In: Sharpe, Helen and Whalen, Michael, (eds.) Proceedings of 41st International Conference on Software Engineering. (pp. 41-50). IEEE: NY, USA. Green open access

Weir et al. - 2019 - Interventions for Software SecurityCreating a Lig.pdf - Accepted Version


Abstract

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team’s motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. They were then validated in fieldwork with a Participatory Action Research study that delivered the workshops to three development organizations. This approach has the potential to be applied by many development teams, improving the security of software worldwide.

Type: Proceedings paper
Title: Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers
Event: 41st International Conference on Software Engineering
Location: Montréal, QC, Canada
Dates: 25 May 2019 - 31 May 2019
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/ICSE-SEIP.2019.00013
Publisher version: https://dl.acm.org/citation.cfm?id=3339921
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Developer centered security; software security; software developer; intervention; action research
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/10068822
