Security responses in software development
The pressure on software developers to produce secure software has never been greater. But what does security look like in environments that do not produce security-critical software? In answer to this question, this multi-sited ethnographic study characterizes security episodes and identifies five typical behaviors in software development. Using theory drawn from information security and motivation research in software engineering, this article characterizes key ways in which individual developers form security responses to meet the demands of particular circumstances, providing a framework managers and teams can use to recognize, understand, and alter security activity in their environments.
Funding
SAUSE: Secure, Adaptive, Usable Software Engineering
Engineering and Physical Sciences Research Council
Find out more...Socio-technical resilience in software development (STRIDE)
Engineering and Physical Sciences Research Council
Find out more...History
Publication
ACM Transactions on Software Engineering and Methodology, 2022 , 32 (3) Article No.: 64 pp 1–29Publisher
Association for Computing MachineryRights
"© ACM, 2022. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM Transactions on Software Engineering and Methodology Volume 32 Issue 3 Article No.: 64 pp 1–29 https://doi.org/10.1145/3563211Also affiliated with
- LERO - The Science Foundation Ireland Research Centre for Software
Sustainable development goals
- (4) Quality Education