Electronic data

  • Exploring the Shift in Security Responsibility

    Rights statement: ©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 1.56 MB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Exploring the Shift in Security Responsibility

Research output: Contribution to journal, Journal article, peer-review

Journal publication date: 10/03/2022
Journal: IEEE Security and Privacy Magazine
Number of pages: 10
Pages (from-to): 2-11
Publication Status: E-pub ahead of print
Early online date: 10/03/22
Original language: English

Abstract

As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts’ responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.
