Accepted author manuscript, 3.7 MB, PDF document
Available under license: CC BY: Creative Commons Attribution 4.0 International License
Research output: Contribution to Journal/Magazine › Journal article › peer-review
TY - JOUR
T1 - Security Responses in Software Development
AU - Lopez, Tamara
AU - Sharp, Helen
AU - Tun, Thein
AU - Bandara, Arosha
AU - Levine, Mark
AU - Nuseibeh, Bashar
PY - 2023/7/31
Y1 - 2023/7/31
N2 - The pressure on software developers to produce secure software has never been greater. But what does security look like in environments that do not produce security-critical software? In answer to this question, this multi-sited ethnographic study characterizes security episodes and identifies five typical behaviors in software development. Using theory drawn from information security and motivation research in software engineering, this article characterizes key ways in which individual developers form security responses to meet the demands of particular circumstances, providing a framework managers and teams can use to recognize, understand, and alter security activity in their environments.
AB - The pressure on software developers to produce secure software has never been greater. But what does security look like in environments that do not produce security-critical software? In answer to this question, this multi-sited ethnographic study characterizes security episodes and identifies five typical behaviors in software development. Using theory drawn from information security and motivation research in software engineering, this article characterizes key ways in which individual developers form security responses to meet the demands of particular circumstances, providing a framework managers and teams can use to recognize, understand, and alter security activity in their environments.
KW - Software engineering
KW - Security
KW - Developers
U2 - 10.1145/3563211
DO - 10.1145/3563211
M3 - Journal article
VL - 32
SP - 1
EP - 29
JO - ACM Transactions on Software Engineering and Methodology
JF - ACM Transactions on Software Engineering and Methodology
SN - 1049-331X
IS - 3
M1 - 64
ER -