'Hopefully we are mostly secure': Views on secure code in professional practice

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN | Conference contribution/Paper | peer-review

Published

Standard

'Hopefully we are mostly secure': Views on secure code in professional practice. / Lopez, Tamara; Sharp, Helen; Tun, Thein et al.
Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 61-68 8816991 (Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019).

Harvard

Lopez, T, Sharp, H, Tun, T, Bandara, A, Levine, M & Nuseibeh, B 2019, 'Hopefully we are mostly secure': Views on secure code in professional practice. in Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019., 8816991, Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019, Institute of Electrical and Electronics Engineers Inc., pp. 61-68, 12th IEEE/ACM International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019, Montreal, Canada, 27/05/19. https://doi.org/10.1109/CHASE.2019.00023

APA

Lopez, T., Sharp, H., Tun, T., Bandara, A., Levine, M., & Nuseibeh, B. (2019). 'Hopefully we are mostly secure': Views on secure code in professional practice. In Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019 (pp. 61-68). Article 8816991 (Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/CHASE.2019.00023

Vancouver

Lopez T, Sharp H, Tun T, Bandara A, Levine M, Nuseibeh B. 'Hopefully we are mostly secure': Views on secure code in professional practice. In Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 61-68. 8816991. (Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019). doi: 10.1109/CHASE.2019.00023

Author

Lopez, Tamara ; Sharp, Helen ; Tun, Thein et al. / 'Hopefully we are mostly secure' : Views on secure code in professional practice. Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 61-68 (Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019).

Bibtex

@inproceedings{5a3b8dcad65f4fb383e1dfb27199632c,
title = "'Hopefully we are mostly secure': Views on secure code in professional practice",
abstract = "Security of software systems is of general concern, yet breaches caused by common vulnerabilities still occur. Software developers are routinely called upon to 'do more' to address this situation. However there has been little focus on the developers' point of view, and understanding how security features in their day-to-day activities. This paper reports preliminary findings of semi-structured interviews taken during an ethnographic study of professional software developers in one organization who are not security experts. The overall study aims to understand how security features in day-to-day practice, while analysis of the interview data asks whether developers are responsible for security. The study reveals that awareness around security matters is raised through several paths including processes, standards, practices and company training and that a focus on security is driven by contextual factors. Security is taken care of with policies and through safeguards, and is handled differently depending on whether a team is developing new features, and hence 'looking forward', or working with existing code and hence 'looking back'. Developers take and share responsibility for security in the code, but suggest that their responsibility has limits, and relies on collective practice.",
keywords = "Collaborative environments, Empirical studies, Secure software development",
author = "Tamara Lopez and Helen Sharp and Thein Tun and Arosha Bandara and Mark Levine and Bashar Nuseibeh",
year = "2019",
month = may,
day = "27",
doi = "10.1109/CHASE.2019.00023",
language = "English",
series = "Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "61--68",
booktitle = "Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019",
note = "12th IEEE/ACM International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019 ; Conference date: 27-05-2019",

}

RIS

TY - GEN

T1 - 'Hopefully we are mostly secure'

T2 - 12th IEEE/ACM International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019

AU - Lopez, Tamara

AU - Sharp, Helen

AU - Tun, Thein

AU - Bandara, Arosha

AU - Levine, Mark

AU - Nuseibeh, Bashar

PY - 2019/5/27

Y1 - 2019/5/27

N2 - Security of software systems is of general concern, yet breaches caused by common vulnerabilities still occur. Software developers are routinely called upon to 'do more' to address this situation. However there has been little focus on the developers' point of view, and understanding how security features in their day-to-day activities. This paper reports preliminary findings of semi-structured interviews taken during an ethnographic study of professional software developers in one organization who are not security experts. The overall study aims to understand how security features in day-to-day practice, while analysis of the interview data asks whether developers are responsible for security. The study reveals that awareness around security matters is raised through several paths including processes, standards, practices and company training and that a focus on security is driven by contextual factors. Security is taken care of with policies and through safeguards, and is handled differently depending on whether a team is developing new features, and hence 'looking forward', or working with existing code and hence 'looking back'. Developers take and share responsibility for security in the code, but suggest that their responsibility has limits, and relies on collective practice.

AB - Security of software systems is of general concern, yet breaches caused by common vulnerabilities still occur. Software developers are routinely called upon to 'do more' to address this situation. However there has been little focus on the developers' point of view, and understanding how security features in their day-to-day activities. This paper reports preliminary findings of semi-structured interviews taken during an ethnographic study of professional software developers in one organization who are not security experts. The overall study aims to understand how security features in day-to-day practice, while analysis of the interview data asks whether developers are responsible for security. The study reveals that awareness around security matters is raised through several paths including processes, standards, practices and company training and that a focus on security is driven by contextual factors. Security is taken care of with policies and through safeguards, and is handled differently depending on whether a team is developing new features, and hence 'looking forward', or working with existing code and hence 'looking back'. Developers take and share responsibility for security in the code, but suggest that their responsibility has limits, and relies on collective practice.

KW - Collaborative environments

KW - Empirical studies

KW - Secure software development

U2 - 10.1109/CHASE.2019.00023

DO - 10.1109/CHASE.2019.00023

M3 - Conference contribution/Paper

AN - SCOPUS:85072792859

T3 - Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019

SP - 61

EP - 68

BT - Proceedings - 2019 IEEE/ACM 12th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2019

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 27 May 2019

ER -