Electronic data

  • Challenging Software Developers

    Accepted author manuscript, 723 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Challenging Software Developers: Dialectic as a Foundation for Security Assurance Techniques

Research output: Contribution to Journal/Magazine › Journal article › peer-review

E-pub ahead of print

Standard

Challenging Software Developers: Dialectic as a Foundation for Security Assurance Techniques. / Weir, Charles; Noble, James; Rashid, Awaid.
In: Journal of Cybersecurity, 21.04.2020.

APA

Weir, C., Noble, J., & Rashid, A. (2020). Challenging Software Developers: Dialectic as a Foundation for Security Assurance Techniques. Journal of Cybersecurity. Advance online publication.

Vancouver

Weir C, Noble J, Rashid A. Challenging Software Developers: Dialectic as a Foundation for Security Assurance Techniques. Journal of Cybersecurity. 2020 Apr 21. Epub 2020 Apr 21.

Author

Weir, Charles ; Noble, James ; Rashid, Awaid. / Challenging Software Developers : Dialectic as a Foundation for Security Assurance Techniques. In: Journal of Cybersecurity. 2020.

Bibtex

@article{7be762c9847146f68f3e8b90cbaac02a,
title = "Challenging Software Developers: Dialectic as a Foundation for Security Assurance Techniques",
abstract = "Development teams are increasingly expected to deliver secure code, but how can they best achieve this? Traditional security practice, which emphasises 'telling developers what to do' using checklists, processes and errors to avoid, has proved difficult to introduce. From analysis of industry interviews with a dozen experts in app development security, we find that secure development requires dialectic: a challenging dialog between the developers and a range of counterparties, continued throughout the development cycle. Analysing a further survey of sixteen industry developer security advocates, we identify the six assurance techniques that are most effective at achieving this dialectic in existing development teams, and conclude that the introduction of these techniques is best driven by the developers themselves. Concentrating on these six assurance techniques, and the dialectical interactions they involve, has the potential to increase the security of development activities and thus improve software security for everyone.",
keywords = "dialectical security, grounded theory, developer centred security, software development, assurance technique, software security",
author = "Charles Weir and James Noble and Awaid Rashid",
year = "2020",
month = apr,
day = "21",
language = "English",
journal = "Journal of Cybersecurity",
issn = "2057-2093",
publisher = "OUP",
}

RIS

TY - JOUR
T1 - Challenging Software Developers
T2 - Dialectic as a Foundation for Security Assurance Techniques
AU - Weir, Charles
AU - Noble, James
AU - Rashid, Awaid
PY - 2020/4/21
Y1 - 2020/4/21

N2 - Development teams are increasingly expected to deliver secure code, but how can they best achieve this? Traditional security practice, which emphasises 'telling developers what to do' using checklists, processes and errors to avoid, has proved difficult to introduce. From analysis of industry interviews with a dozen experts in app development security, we find that secure development requires dialectic: a challenging dialog between the developers and a range of counterparties, continued throughout the development cycle. Analysing a further survey of sixteen industry developer security advocates, we identify the six assurance techniques that are most effective at achieving this dialectic in existing development teams, and conclude that the introduction of these techniques is best driven by the developers themselves. Concentrating on these six assurance techniques, and the dialectical interactions they involve, has the potential to increase the security of development activities and thus improve software security for everyone.

KW - dialectical security
KW - grounded theory
KW - developer centred security
KW - software development
KW - assurance technique
KW - software security
M3 - Journal article
JO - Journal of Cybersecurity
JF - Journal of Cybersecurity
SN - 2057-2093
ER -