Home > Research > Publications & Outputs > Light-touch Interventions to Improve Software D...

Electronic data

  • Light-Touch Interventions to Improve Software Development Security

    Rights statement: ©2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 554 KB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

View graph of relations

Light-touch Interventions to Improve Software Development Security

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Published

Standard

Light-touch Interventions to Improve Software Development Security. / Weir, Charles Alexander Forbes; Blair, Lynne; Becker, Ingolf; Sasse, Angela; Noble, James.

Proceedings of the IEEE Cybersecurity Development Conference 2018. ed. / Daphne Yeo; Stephen Chong. IEEE, 2018.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Harvard

Weir, CAF, Blair, L, Becker, I, Sasse, A & Noble, J 2018, Light-touch Interventions to Improve Software Development Security. in D Yeo & S Chong (eds), Proceedings of the IEEE Cybersecurity Development Conference 2018. IEEE.

APA

Weir, C. A. F., Blair, L., Becker, I., Sasse, A., & Noble, J. (2018). Light-touch Interventions to Improve Software Development Security. In D. Yeo, & S. Chong (Eds.), Proceedings of the IEEE Cybersecurity Development Conference 2018 IEEE.

Vancouver

Weir CAF, Blair L, Becker I, Sasse A, Noble J. Light-touch Interventions to Improve Software Development Security. In Yeo D, Chong S, editors, Proceedings of the IEEE Cybersecurity Development Conference 2018. IEEE. 2018

Author

Weir, Charles Alexander Forbes ; Blair, Lynne ; Becker, Ingolf ; Sasse, Angela ; Noble, James. / Light-touch Interventions to Improve Software Development Security. Proceedings of the IEEE Cybersecurity Development Conference 2018. editor / Daphne Yeo ; Stephen Chong. IEEE, 2018.

Bibtex

@inproceedings{489e717b31384a5695cd590d795d94ac,
title = "Light-touch Interventions to Improve Software Development Security",
abstract = "Many software developers still have little interest in software security. To change this, we need ‘interventions’ to development teams to motivate and help them towards security improvement. An intervention costing less than two days’ effort from a facilitator plus half a day of team effort can significantly improve that team’s software security. This case study describes how this approach was used with one commercial team, and identifies its impact using Participative Action Research. With suitable improvements, the approach has the potential to help many other development teams.",
keywords = "Developer centered security, Case study, Software security, software developer, intervention, action research",
author = "Weir, {Charles Alexander Forbes} and Lynne Blair and Ingolf Becker and Angela Sasse and James Noble",
note = "{\circledC}2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.",
year = "2018",
month = "9",
day = "25",
language = "English",
editor = "Daphne Yeo and Stephen Chong",
booktitle = "Proceedings of the IEEE Cybersecurity Development Conference 2018",
publisher = "IEEE",

}

RIS

TY - GEN

T1 - Light-touch Interventions to Improve Software Development Security

AU - Weir, Charles Alexander Forbes

AU - Blair, Lynne

AU - Becker, Ingolf

AU - Sasse, Angela

AU - Noble, James

N1 - ©2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

PY - 2018/9/25

Y1 - 2018/9/25

N2 - Many software developers still have little interest in software security. To change this, we need ‘interventions’ to development teams to motivate and help them towards security improvement. An intervention costing less than two days’ effort from a facilitator plus half a day of team effort can significantly improve that team’s software security. This case study describes how this approach was used with one commercial team, and identifies its impact using Participative Action Research. With suitable improvements, the approach has the potential to help many other development teams.

AB - Many software developers still have little interest in software security. To change this, we need ‘interventions’ to development teams to motivate and help them towards security improvement. An intervention costing less than two days’ effort from a facilitator plus half a day of team effort can significantly improve that team’s software security. This case study describes how this approach was used with one commercial team, and identifies its impact using Participative Action Research. With suitable improvements, the approach has the potential to help many other development teams.

KW - Developer centered security

KW - Case study

KW - Software security

KW - software developer

KW - intervention

KW - action research

M3 - Conference contribution/Paper

BT - Proceedings of the IEEE Cybersecurity Development Conference 2018

A2 - Yeo, Daphne

A2 - Chong, Stephen

PB - IEEE

ER -