University of Limerick

"Hopefully we are mostly secure": views on secure code in professional practice

conference contribution
posted on 2019-11-21, 12:00 authored by Tamara Lopez, Helen Sharp, Thein Than Tun, Arosha K. Bandara, Mark Levine, Bashar NuseibehBashar Nuseibeh
Security of software systems is of general concern, yet breaches caused by common vulnerabilities still occur. Software developers are routinely called upon to "do more" to address this situation. However, there has been little focus on the developers' point of view, or on understanding how security features in their day-to-day activities. This paper reports preliminary findings from semi-structured interviews taken during an ethnographic study of professional software developers in one organization who are not security experts. The overall study aims to understand how security features in day-to-day practice, while analysis of the interview data asks whether developers are responsible for security. The study reveals that awareness of security matters is raised through several paths, including processes, standards, practices and company training, and that a focus on security is driven by contextual factors. Security is taken care of with policies and through safeguards, and is handled differently depending on whether a team is developing new features, and hence "looking forward", or working with existing code, and hence "looking back". Developers take and share responsibility for security in the code, but suggest that their responsibility has limits and relies on collective practice.

Funding

Earthquake Damageability of Low-Rise Construction

Directorate for Engineering


Study on Aerodynamic Characteristics Control of Slender Body Using Active Flow Control Technique

Japan Society for the Promotion of Science


History

Publication

2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering (CHASE)

Publisher

IEEE Computer Society

Note

peer-reviewed

Other Funding information

SFI, EPSRC, ERC

Rights

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Language

English
