Home > Research > Publications & Outputs > Security Responses in Software Development

Electronic data

  • TOSEM-2021-0135.FinalSubmission

    Accepted author manuscript, 3.7 MB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License


Text available via DOI:

View graph of relations

Security Responses in Software Development

Research output: Contribution to Journal/MagazineJournal articlepeer-review

  • Tamara Lopez
  • Helen Sharp
  • Thein Tun
  • Arosha Bandara
  • Mark Levine
  • Bashar Nuseibeh
Article number64
<mark>Journal publication date</mark>31/07/2023
<mark>Journal</mark>ACM Transactions on Software Engineering and Methodology
Issue number3
Number of pages29
Pages (from-to)1-29
Publication StatusPublished
Early online date12/09/22
<mark>Original language</mark>English


The pressure on software developers to produce secure software has never been greater. But what does security look like in environments that do not produce security-critical software? In answer to this question, this multi-sited ethnographic study characterizes security episodes and identifies five typical behaviors in software development. Using theory drawn from information security and motivation research in software engineering, this article characterizes key ways in which individual developers form security responses to meet the demands of particular circumstances, providing a framework managers and teams can use to recognize, understand, and alter security activity in their environments.