Accepted author manuscript, 723 KB, PDF document
Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License
Research output: Contribution to Journal/Magazine › Journal article › peer-review
TY - JOUR
T1 - Challenging Software Developers
T2 - Dialectic as a Foundation for Security Assurance Techniques
AU - Weir, Charles
AU - Noble, James
AU - Rashid, Awaid
PY - 2020/4/21
Y1 - 2020/4/21
N2 - Development teams are increasingly expected to deliver secure code, but how can they best achieve this? Traditional security practice, which emphasises 'telling developers what to do' using checklists, processes and errors to avoid, has proved difficult to introduce. From analysis of industry interviews with a dozen experts in app development security, we find that secure development requires dialectic: a challenging dialog between the developers and a range of counterparties, continued throughout the development cycle. Analysing a further survey of sixteen industry developer security advocates, we identify the six assurance techniques that are most effective at achieving this dialectic in existing development teams, and conclude that the introduction of these techniques is best driven by the developers themselves. Concentrating on these six assurance techniques, and the dialectical interactions they involve, has the potential to increase the security of development activities and thus improve software security for everyone.
AB - Development teams are increasingly expected to deliver secure code, but how can they best achieve this? Traditional security practice, which emphasises 'telling developers what to do' using checklists, processes and errors to avoid, has proved difficult to introduce. From analysis of industry interviews with a dozen experts in app development security, we find that secure development requires dialectic: a challenging dialog between the developers and a range of counterparties, continued throughout the development cycle. Analysing a further survey of sixteen industry developer security advocates, we identify the six assurance techniques that are most effective at achieving this dialectic in existing development teams, and conclude that the introduction of these techniques is best driven by the developers themselves. Concentrating on these six assurance techniques, and the dialectical interactions they involve, has the potential to increase the security of development activities and thus improve software security for everyone.
KW - dialectical security
KW - grounded theory
KW - developer centred security
KW - software development
KW - assurance technique
KW - software security
M3 - Journal article
JO - Journal of Cybersecurity
JF - Journal of Cybersecurity
SN - 2057-2093
ER -