UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Incorporating software security: Using developer workshops to engage product managers

Weir, Charles; Becker, Ingolf; Blair, Lynne; (2022) Incorporating software security: Using developer workshops to engage product managers. Empirical Software Engineering , 28 , Article 21. 10.1007/s10664-022-10252-0. Green open access

[thumbnail of Becker_Incorporating software security_VoR.pdf]
Preview
Text
Becker_Incorporating software security_VoR.pdf

Download (1MB) | Preview

Abstract

Evidence from data breach reports shows that many competent software development teams still do not implement secure, privacy-preserving software, even though techniques to do so are now well-known. A major factor causing this is simply a lack of priority and resources for security, as decided by product managers. So, how can we help developers and product managers to work together to achieve appropriate decisions on security and privacy issues? This paper explores using structured workshops to support teams of developers in engaging product managers with software security and privacy, even in the absence of security professionals. The research used the Design Based Research methodology. This paper describes and justifies our workshop design and implementation, and describes our thematic coding of both participant interviews and workshop discussions to quantify and explore the workshops’ effectiveness. Based on trials in eight organizations, involving 88 developers, we found the workshops effective in helping development teams to identify, promote, and prioritize security issues with product managers. Comparisons between organizations suggested that such workshops are most effective with groups with limited security expertise, and when led by the development team leaders. We also found workshop participants needed minimal guidance to identify security threats, and a wide range of ways to promote possible security improvements. Empowering developers and product managers in this way offers a powerful grassroots approach to improve software security worldwide.

Type: Article
Title: Incorporating software security: Using developer workshops to engage product managers
Open access status: An open access version is available from UCL Discovery
DOI: 10.1007/s10664-022-10252-0
Publisher version: https://doi.org/10.1007/s10664-022-10252-0
Language: English
Additional information: © 2023 Springer Nature Switzerland AG. This article is licensed under a Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).
Keywords: Developer centered security, Software security, Software developer, Cybersecurity, Software development, SDLC ,Product management, Product manager, Design based research
UCL classification: UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL
URI: https://discovery.ucl.ac.uk/id/eprint/10158394
Downloads since deposit
11Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item