
Electronic data

  • Exploring the Shift in Security Responsibility

    Rights statement: ©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 1.56 MB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License


Exploring the Shift in Security Responsibility

Research output: Contribution to Journal/Magazine, Journal article, peer-review

Published
Journal publication date: 30/11/2022
Journal: IEEE Security and Privacy Magazine
Issue number: 6
Volume: 20
Number of pages: 15
Pages (from-to): 8-17
Publication status: Published
Early online date: 10/03/22
Original language: English

Abstract

As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly-used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts’ responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.
