Home > Research > Publications & Outputs > Interventions for Software Security

Electronic data

  • Interventions for Software Security

    Rights statement: ©2019 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 718 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

View graph of relations

Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

Interventions for Software Security : Creating a Lightweight Program of Assurance Techniques for Developers . / Weir, Charles ; Blair, Lynne; Becker, Ingolf; Noble, James; Sasse, Angela; Rashid, Awais.

Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice Track. ed. / Helen Sharpe; Michael Whalen. IEEE, 2019. p. 41-50.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Weir, C, Blair, L, Becker, I, Noble, J, Sasse, A & Rashid, A 2019, Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers . in H Sharpe & M Whalen (eds), Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice Track. IEEE, pp. 41-50. https://doi.org/10.1109/ICSE-SEIP.2019.00013

APA

Weir, C., Blair, L., Becker, I., Noble, J., Sasse, A., & Rashid, A. (2019). Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers . In H. Sharpe, & M. Whalen (Eds.), Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice Track (pp. 41-50). IEEE. https://doi.org/10.1109/ICSE-SEIP.2019.00013

Vancouver

Weir C, Blair L, Becker I, Noble J, Sasse A, Rashid A. Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers . In Sharpe H, Whalen M, editors, Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice Track. IEEE. 2019. p. 41-50 https://doi.org/10.1109/ICSE-SEIP.2019.00013

Author

Weir, Charles ; Blair, Lynne ; Becker, Ingolf ; Noble, James ; Sasse, Angela ; Rashid, Awais. / Interventions for Software Security : Creating a Lightweight Program of Assurance Techniques for Developers . Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice Track. editor / Helen Sharpe ; Michael Whalen. IEEE, 2019. pp. 41-50

Bibtex

@inproceedings{30477c1d4bc94e3bb9c5a61a952f4ab1,
title = "Interventions for Software Security: Creating a Lightweight Program of Assurance Techniques for Developers ",
abstract = "Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team{\textquoteright}s motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. They were then validated in fieldwork with a Participatory Action Research study that de-livered the workshops to three development organizations. This approach has the potential to be applied by many development teams, improving the security of software worldwide.",
keywords = "Developer centered security, software security, software developer, intervention, action research",
author = "Charles Weir and Lynne Blair and Ingolf Becker and James Noble and Angela Sasse and Awais Rashid",
year = "2019",
month = may,
day = "25",
doi = "10.1109/ICSE-SEIP.2019.00013",
language = "English",
isbn = "9781728117614",
pages = "41--50",
editor = "Helen Sharpe and Michael Whalen",
booktitle = "Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering",
publisher = "IEEE",

}

RIS

TY - GEN

T1 - Interventions for Software Security

T2 - Creating a Lightweight Program of Assurance Techniques for Developers

AU - Weir, Charles

AU - Blair, Lynne

AU - Becker, Ingolf

AU - Noble, James

AU - Sasse, Angela

AU - Rashid, Awais

PY - 2019/5/25

Y1 - 2019/5/25

N2 - Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team’s motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. They were then validated in fieldwork with a Participatory Action Research study that de-livered the workshops to three development organizations. This approach has the potential to be applied by many development teams, improving the security of software worldwide.

AB - Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team’s motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. They were then validated in fieldwork with a Participatory Action Research study that de-livered the workshops to three development organizations. This approach has the potential to be applied by many development teams, improving the security of software worldwide.

KW - Developer centered security

KW - software security

KW - software developer

KW - intervention

KW - action research

U2 - 10.1109/ICSE-SEIP.2019.00013

DO - 10.1109/ICSE-SEIP.2019.00013

M3 - Conference contribution/Paper

SN - 9781728117614

SP - 41

EP - 50

BT - Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering

A2 - Sharpe, Helen

A2 - Whalen, Michael

PB - IEEE

ER -