Electronic data

  • Exploring the Shift in Security Responsibility

    Rights statement: ©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 1.56 MB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

Exploring the Shift in Security Responsibility

Research output: Contribution to Journal/Magazine, Journal article, peer-review

Published

Standard

Exploring the Shift in Security Responsibility. / Weir, Charles; Migues, Sammy; Williams, Laurie.
In: IEEE Security and Privacy Magazine, Vol. 20, No. 6, 30.11.2022, p. 8-17.

Harvard

Weir, C, Migues, S & Williams, L 2022, 'Exploring the Shift in Security Responsibility', IEEE Security and Privacy Magazine, vol. 20, no. 6, pp. 8-17. https://doi.org/10.1109/MSEC.2022.3150238

APA

Weir, C., Migues, S., & Williams, L. (2022). Exploring the Shift in Security Responsibility. IEEE Security and Privacy Magazine, 20(6), 8-17. https://doi.org/10.1109/MSEC.2022.3150238

Vancouver

Weir C, Migues S, Williams L. Exploring the Shift in Security Responsibility. IEEE Security and Privacy Magazine. 2022 Nov 30;20(6):8-17. Epub 2022 Mar 10. doi: 10.1109/MSEC.2022.3150238

Author

Weir, Charles ; Migues, Sammy ; Williams, Laurie. / Exploring the Shift in Security Responsibility. In: IEEE Security and Privacy Magazine. 2022 ; Vol. 20, No. 6. pp. 8-17.

Bibtex

@article{b63938e31df547e18e0e77ee4ce2b9bf,
title = "Exploring the Shift in Security Responsibility",
abstract = "As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly-used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts{\textquoteright} responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.",
keywords = "Software Security, BSIMM, Satellite, cybersecurity, software developers, Longitudinal surveys",
author = "Charles Weir and Sammy Migues and Laurie Williams",
note = "{\textcopyright}2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. ",
year = "2022",
month = nov,
day = "30",
doi = "10.1109/MSEC.2022.3150238",
language = "English",
volume = "20",
pages = "8--17",
journal = "IEEE Security and Privacy Magazine",
issn = "1540-7993",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "6",

}

RIS

TY - JOUR

T1 - Exploring the Shift in Security Responsibility

AU - Weir, Charles

AU - Migues, Sammy

AU - Williams, Laurie

N1 - ©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

PY - 2022/11/30

Y1 - 2022/11/30

N2 - As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly-used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts’ responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.

AB - As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly-used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts’ responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.

KW - Software Security

KW - BSIMM

KW - Satellite

KW - cybersecurity

KW - software developers

KW - Longitudinal surveys

UR - http://www.scopus.com/inward/record.url?scp=85126335655&partnerID=8YFLogxK

U2 - 10.1109/MSEC.2022.3150238

DO - 10.1109/MSEC.2022.3150238

M3 - Journal article

VL - 20

SP - 8

EP - 17

JO - IEEE Security and Privacy Magazine

JF - IEEE Security and Privacy Magazine

SN - 1540-7993

IS - 6

ER -