A Passion for Security: Intervening to Help Software Developers
While the techniques to achieve secure, privacy-preserving software are now well understood, evidence shows that many software development teams do not use them: they lack the 'security maturity' to assess security needs and decide on appropriate tools and processes; and they lack the abil...
| Published in: | 2021 IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP) pp. 21 - 30 |
|---|---|
| Main Authors: | Weir, Charles; Becker, Ingolf; Blair, Lynne |
| Format: | Conference Proceeding |
| Language: | English |
| Published: | IEEE, 01.05.2021 |
| ISBN: | 9781665438698, 166543869X |
| Abstract | While the techniques to achieve secure, privacy-preserving software are now well understood, evidence shows that many software development teams do not use them: they lack the 'security maturity' to assess security needs and decide on appropriate tools and processes; and they lack the ability to negotiate with product management for the required resources. This paper describes a measuring approach to assess twelve aspects of this security maturity; its use to assess the impact of a lightweight package of workshops designed to increase security maturity; and a novel approach within that package to support developers in resource negotiation. Based on trials in eight organizations, involving over 80 developers, this paper demonstrates that (1) development teams can notably improve their security maturity even in the absence of security specialists; and (2) suitably guided, developers can find effective ways to promote security to product management. Empowering developers to make their own decisions and promote security in this way offers a powerful grassroots approach to improving the security of software worldwide. |
|---|---|
| Author | Weir, Charles Becker, Ingolf Blair, Lynne |
| Author_xml | 1. Weir, Charles (c.weir1@lancaster.ac.uk), Lancaster University, United Kingdom; 2. Becker, Ingolf (i.becker@ucl.ac.uk), UCL, United Kingdom; 3. Blair, Lynne (l.blair@lancaster.ac.uk), Lancaster University, United Kingdom |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ICSE-SEIP52600.2021.00011 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EndPage | 30 |
| ExternalDocumentID | 9402146 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IL 6IN AAWTH ABLEC ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK IEGSK OCL RIE RIL |
| ID | FETCH-LOGICAL-a295t-191d9c1f5000834768a505322937ce8ab4a88fcea8096a332669025dadb0f93b3 |
| IEDL.DBID | RIE |
| ISBN | 9781665438698 166543869X |
| ISICitedReferencesCount | 22 |
| IngestDate | Wed Aug 27 02:27:47 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a295t-191d9c1f5000834768a505322937ce8ab4a88fcea8096a332669025dadb0f93b3 |
| PageCount | 10 |
| ParticipantIDs | ieee_primary_9402146 |
| PublicationCentury | 2000 |
| PublicationDate | 2021-May |
| PublicationDateYYYYMMDD | 2021-05-01 |
| PublicationDate_xml | – month: 05 year: 2021 text: 2021-May |
| PublicationDecade | 2020 |
| PublicationTitle | 2021 IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP) |
| PublicationTitleAbbrev | ICSE-SEIP |
| PublicationYear | 2021 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssib044791100 |
| Score | 2.3248193 |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 21 |
| SubjectTerms | Conferences; design based research; developer centred security; intervention; Lead; Risk management; Security; Software; software developer; Software engineering; software security |
| Title | A Passion for Security: Intervening to Help Software Developers |
| URI | https://ieeexplore.ieee.org/document/9402146 |

