Rights statement: ©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Available under license: CC BY: Creative Commons Attribution 4.0 International License
Research output: Contribution to Journal/Magazine › Journal article › peer-review
TY - JOUR
T1 - Exploring the Shift in Security Responsibility
AU - Weir, Charles
AU - Migues, Sammy
AU - Williams, Laurie
N1 - ©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
PY - 2022/11/30
Y1 - 2022/11/30
N2 - As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly-used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts’ responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.
AB - As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly-used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts’ responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.
KW - Software Security
KW - BSIMM
KW - Satellite
KW - cybersecurity
KW - software developers
KW - Longitudinal surveys
UR - http://www.scopus.com/inward/record.url?scp=85126335655&partnerID=8YFLogxK
U2 - 10.1109/MSEC.2022.3150238
DO - 10.1109/MSEC.2022.3150238
M3 - Journal article
VL - 20
SP - 8
EP - 17
JO - IEEE Security and Privacy Magazine
JF - IEEE Security and Privacy Magazine
SN - 1540-7993
IS - 6
ER -