Project: Security Practice in Software Development
The number of security breaches in commercial software is significant, placing pressure on software developers to deliver secure code. The Motivating Jenny project, funded by the National Cyber Security Centre and led by Professor Helen Sharp in the School of Computing and Communication at the Open University, explored security practice in commercial software development. Using ethnography, this project examined the complex security climate in which commercial software is produced. Findings showed that decisions that have an impact on security within code are not always made by developers and their teams but instead reflect the attitudes and priorities of companies and their clients. This influence affects the way developers engage with security in practice. The work was conducted with the support of two industry collaborators in the UK; its findings have informed the developer-centred security policy of the National Cyber Security Centre, formed the basis of a toolkit of materials for practitioners, and led to outreach activities at the British Computer Society.
Security Responses in Software Development
Lopez, T., Sharp, H., Tun, T., Bandara, A., Levine, M., & Nuseibeh, B. (2022). Security Responses in Software Development. ACM Transactions on Software Engineering and Methodology. https://dl.acm.org/doi/abs/10.1145/3563211
This paper documents a range of behaviours software developers employ to maintain security alongside production, providing an empirical baseline that managers and teams can use to understand and alter security activity in their own environments.