Security Responses in Software Development-Reference-Cited by-同舟云学术

Security Responses in Software Development

Published:2023-04-26 Issue:3 Volume:32 Page:1-29
ISSN:1049-331X
Container-title:ACM Transactions on Software Engineering and Methodology
language:en
Short-container-title:ACM Trans. Softw. Eng. Methodol.

Author:

Lopez Tamara¹^ORCID,Sharp Helen¹^ORCID,Bandara Arosha¹^ORCID,Tun Thein¹^ORCID,Levine Mark²^ORCID,Nuseibeh Bashar³^ORCID

Affiliation:

1. School ofComputing and Communications, The Open University, Walton Hall, Milton Keynes, UK

2. Department of Psychology, University of Lancaster, Bailrigg, Lancaster, UK

3. School of Computing and Communications, The Open University, Walton Hall, Milton Keynes, UK and Lero-The Irish Software Research Centre, Republic of Ireland

Abstract

The pressure on software developers to produce secure software has never been greater. But what does security look like in environments that do not produce security-critical software? In answer to this question, this multi-sited ethnographic study characterizes security episodes and identifies five typical behaviors in software development. Using theory drawn from information security and motivation research in software engineering, this article characterizes key ways in which individual developers form security responses to meet the demands of particular circumstances, providing a framework managers and teams can use to recognize, understand, and alter security activity in their environments.

Funder

UK NCSC, UKRI/EPSRC

SFI

Publisher

Association for Computing Machinery (ACM)

Subject

Software

Link

https://dl.acm.org/doi/pdf/10.1145/3563211

Reference74 articles.

1. Yasemin Acar, Sascha Fahl, and Michelle L. Mazurek. 2016. You are not your developer, either: A research agenda for usable security and privacy research beyond end users. In Proceedings of the IEEE Conference on Cybersecurity Development (SecDev’16). IEEE, 3–8.

2. Yasemin Acar, Christian Stransky, Dominik Wermke, Charles Weir, Michelle L. Mazurek, and Sascha Fahl. 2017. Developers need support, too: A survey of security advice for software developers. In Proceedings of the IEEE Conference on Cybersecurity Development (SecDev’17). IEEE, 22–26.

3. Users are not the enemy

4. Inner work life: Understanding the subtext of business performance;Amabile Teresa M.;Harv. Bus. Rev.,2007

5. Bob Anderson. 1997. Work, ethnography and system design. In The Encyclopedia of Microcomputers, Vol. 20. Marcel Dekker, 159–183.

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Automating Static Code Analysis Through CI/CD Pipeline Integration;2024 IEEE International Conference on Software Analysis, Evolution and Reengineering - Companion (SANER-C);2024-03-12

2. Humans in the Loop: People at the Heart of Systems Development;Introduction to Digital Humanism;2023-12-21

3. Unhelpful Assumptions in Software Security Research;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15

4. Accounting for socio-technical resilience in software engineering;2023 IEEE/ACM 16th International Conference on Cooperative and Human Aspects of Software Engineering (CHASE);2023-05