Rights statement: Permission to freely reproduce all or part of this paper for non-commercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author’s employer if the paper was prepared within the scope of employment.
Final published version, 642 KB, PDF document
Available under license: Other
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - I'd Like to Have an Argument, Please
T2 - The 2nd European Workshop on Usable Security
AU - Weir, Charles
AU - Rashid, Awais
AU - Noble, James
PY - 2017/4/29
Y1 - 2017/4/29
N2 - The lack of good secure development practice for app developers threatens everyone who uses mobile software. Current practice emphasizes checklists of processes and security errors to avoid, and has not proved effective in the application development domain. Based on analysis of interviews with relevant security experts, we suggest that secure app development requires 'dialectic': challenging dialog with a range of counterparties, continued throughout the development cycle. By further studying the different dialectic techniques possible in programmers' communications, we shall be able to empower app developers to produce the secure software that we need.
AB - The lack of good secure development practice for app developers threatens everyone who uses mobile software. Current practice emphasizes checklists of processes and security errors to avoid, and has not proved effective in the application development domain. Based on analysis of interviews with relevant security experts, we suggest that secure app development requires 'dialectic': challenging dialog with a range of counterparties, continued throughout the development cycle. By further studying the different dialectic techniques possible in programmers' communications, we shall be able to empower app developers to produce the secure software that we need.
KW - app developer
KW - app development
KW - app programmer
KW - app security
KW - application security
KW - dialectic
KW - dialectical security
KW - dialectical security technique
KW - grounded theory
KW - mobile app
KW - penetration testing
KW - secure app
KW - secure app development
KW - secure development
KW - secure software
KW - security code review
KW - security issue
KW - security pattern
KW - software engineering
KW - software security
KW - whole system security
M3 - Conference contribution/Paper
BT - EuroUSEC 2017
PB - Internet Society
CY - Reston, VA
Y2 - 29 April 2017 through 29 April 2017
ER -