Challenging software developers: dialectic as a foundation for security assurance techniques

by Charles Weir, Awais Rashid, James Noble

Published in Journal of Cybersecurity by Oxford University Press (OUP).

2020

Abstract

Development teams are increasingly expected to deliver secure code, but how can they best achieve this? Traditional security practice, which emphasizes 'telling developers what to do' using checklists, processes and errors to avoid, has proved difficult to introduce. From analysis of industry interviews with a dozen experts in app development security, we find that secure development requires 'dialectic': a challenging dialog between the developers and a range of counterparties, continued throughout the development cycle. Analysing a further survey of 16 industry developer security advocates, we identify the six assurance techniques that are most effective at achieving this dialectic in existing development teams, and conclude that the introduction of these techniques is best driven by the developers themselves. Concentrating on these six assurance techniques, and the dialectical interactions they involve, has the potential to increase the security of development activities and thus improve software security for everyone.

Archived Files and Locations

application/pdf, 1.2 MB
Archived from watermark.silverchair.com (publisher) and web.archive.org (webarchive)
Type: article-journal
Stage: published
Date: 2020-01-01
Language: en
Journal Metadata
Open Access Publication; listed in DOAJ, ISSN ROAD and the Keepers Registry
ISSN-L: 2057-2093