| 59843 |
Creator |
538f1c84b12380f11bca5400a4763d64 |
| 59843 |
Creator |
c97cb5a4b00af57fd153f1594e29047d |
| 59843 |
Creator |
e0b7fd620a538ed1e211c81a48d5a5fd |
| 59843 |
Creator |
eb1a0182e6ea336167735f7009ed60e8 |
| 59843 |
Creator |
e78fb76e28392daa1faea2ef11c875ca |
| 59843 |
Creator |
ext-7f466b52a20d04219e97bfb27a66d71c |
| 59843 |
Date |
2019-05-27 |
| 59843 |
Is Part Of |
repository |
| 59843 |
Is Part Of |
p3be1a7ec85d9ec173656385f2236ffdb |
| 59843 |
abstract |
Security of software systems is of general concern, yet breaches caused by common
vulnerabilities still occur. Software developers are routinely called upon to ”do
more” to address this situation. However there has been little focus on the developers’
point of view, and understanding how security features in their day-to-day activities.
This paper reports preliminary findings of semi-structured interviews taken during
an ethnographic study of professional software developers in one organization who
are not security experts. The overall study aims to understand how security features
in day-to-day practice, while analysis of the interview data asks whether developers
are responsible for security. The study reveals that awareness around security matters
is raised through several paths including processes, standards, practices and company
training and that a focus on security is driven by contextual factors. Security is
taken care of with policies and through safeguards, and is handled differently depending
on whether a team is developing new features, and hence ”looking forward”, or working
with existing code and hence ”looking back”. Developers take and share responsibility
for security in the code, but suggest that their responsibility has limits, and relies
on collective practice. |
| 59843 |
authorList |
authors |
| 59843 |
presentedAt |
ext-bbcd55efea9fc0ccf97944052cccf3da |
| 59843 |
status |
peerReviewed |
| 59843 |
uri |
http://data.open.ac.uk/oro/document/810184 |
| 59843 |
uri |
http://data.open.ac.uk/oro/document/810185 |
| 59843 |
uri |
http://data.open.ac.uk/oro/document/810186 |
| 59843 |
uri |
http://data.open.ac.uk/oro/document/810187 |
| 59843 |
uri |
http://data.open.ac.uk/oro/document/810188 |
| 59843 |
uri |
http://data.open.ac.uk/oro/document/810189 |
| 59843 |
uri |
http://data.open.ac.uk/oro/document/836958 |
| 59843 |
type |
AcademicArticle |
| 59843 |
type |
Article |
| 59843 |
label |
Lopez, Tamara ; Sharp, Helen ; Tun, Thein ; Bandara, Arosha ; Levine, Mark and
Nuseibeh, Bashar (2019). Hopefully We Are Mostly Secure: Views on Secure Code in
Professional Practice. In: 12th International Workshop on Cooperative and Human
Aspects of Software Engineering (CHASE), 27 May 2019, Montréal, Canada, (In Press).
|
| 59843 |
label |
Lopez, Tamara ; Sharp, Helen ; Tun, Thein ; Bandara, Arosha ; Levine, Mark and
Nuseibeh, Bashar (2019). Hopefully We Are Mostly Secure: Views on Secure Code in
Professional Practice. In: Proceedings of the 12th International Workshop on Cooperative
and Human Aspects of Software Engineering pp. 61–68. |
| 59843 |
label |
Lopez, Tamara ; Sharp, Helen ; Tun, Thein ; Bandara, Arosha ; Levine, Mark and Nuseibeh,
Bashar (2019). Hopefully We Are Mostly Secure: Views on Secure Code in Professional
Practice. In: Proceedings of the 12th International Workshop on Cooperative and
Human Aspects of Software Engineering pp. 61–68. |
| 59843 |
Title |
Hopefully We Are Mostly Secure: Views on Secure Code in Professional Practice |
| 59843 |
in dataset |
oro |