Talking about security with professional developers
This paper describes materials developed to engage professional developers in discussions about security. First, the work is framed in the context of ethnographic studies of software development, highlighting how the method is used to explore and investigate research aims for the Motivating Jenny research project. A description is given of a series of practitioner engage?ments, that were used to develop a reflection and discussion tool using security stories taken from media and internet sources. An explanation is given for how the tool has been used to collect data within field sites, offering a way to clarify and member check findings, and to provide a different view on practice and process.The report concludes with observations and notes about future aims for supporting and encouraging professionals to engage with security in practice.
History
Publication
2019 IEEE/ACM Joint 7th International Workshop on Conducting Empirical Studies in Industry (CESI) and 6th International Workshop on Software Engineering Research and Industrial Practice (SER&IP), Montreal, QC, Canada, 2019, pp. 34-40Publisher
Institute of Electrical and Electronics EngineersOther Funding information
We thank the professional developers who participated in our workshops. The work was supported by the National Cyber Security Centre (NCSC). Nuseibeh thanks SFI, EPSRC and ERC for financial supportRights
© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.”Also affiliated with
- LERO - The Science Foundation Ireland Research Centre for Software
Sustainable development goals
- (4) Quality Education
