UCL Discovery

A Passion for Security: Intervening to Help Software Developers

Weir, C; Becker, I; Blair, L; (2021) A Passion for Security: Intervening to Help Software Developers. In: Proceedings of the 43rd International Conference on Software Engineering. IEEE: Virtual conference. (In press). Green open access

weir_passion_2021.pdf - Accepted Version (868kB)

Abstract

While the techniques to achieve secure, privacy-preserving software are now well understood, evidence shows that many software development teams do not use them: they lack the ‘security maturity’ to assess security needs and decide on appropriate tools and processes; and they lack the ability to negotiate with product management for the required resources. This paper describes a measurement approach to assess twelve aspects of this security maturity; its use to assess the impact of a lightweight package of workshops designed to increase security maturity; and a novel approach within that package to support developers in resource negotiation. Based on trials in eight organizations, involving over 80 developers, this paper demonstrates that (1) development teams can notably improve their security maturity even in the absence of security specialists; and (2) suitably guided, developers can find effective ways to promote security to product management. Empowering developers to make their own decisions and promote security in this way offers a powerful grassroots approach to improving the security of software worldwide.

Type: Proceedings paper
Title: A Passion for Security: Intervening to Help Software Developers
Event: 43rd International Conference on Software Engineering
Location: online
Dates: 25 May 2021 - 28 May 2021
Open access status: An open access version is available from UCL Discovery
Publisher version: https://conf.researchr.org/home/icse-2021
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Developer Centered Security; software security; software developer; intervention; Design Based Research
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/10121500