Proceedings 2nd European Workshop on Usable Security 2017
DOI: 10.14722/eurousec.2017.23002

I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security

Abstract: The lack of good secure development practice for app developers threatens everyone who uses mobile software. Current practice emphasizes checklists of processes and security errors to avoid, and has not proved effective in the application development domain. Based on analysis of interviews with relevant security experts, we suggest that secure app development requires 'dialectic': challenging dialog with a range of counterparties, continued throughout the development cycle. By further studying the dif…

Cited by 12 publications
(6 citation statements)
References 28 publications
“…Research has suggested that "challenge" talk between developers, rather than formal processes or artefacts, is the best way to develop techniques for security among developers [37]. Developers in this set do challenge each other, but do not, in the main, identify themselves in comments as upholding security or protecting code from attackers.…”
Section: B Tending To Security
Citation type: mentioning
confidence: 99%
“…Another coding game, Code Defenders [8], was primarily designed for crowd-sourcing purposes but also served in training [9]. In [10,11], the authors advocate the use of dialectics and games for raising developers' security. Gamification within software engineering has been studied and used [12], for example as a means to incite developers to remove compiler warnings [13].…”
Section: Introduction
Citation type: mentioning
confidence: 99%
“…Strategies should be able to evolve with minimal resistance in order to respond to the ever-changing threat landscape (Dove, 2011). Compliance with such strategies and policies can be driven by promoting awareness of InfoSec concerns, providing developers with necessary skills, fostering a team culture about the importance of InfoSec compliance, and encouraging open discourse about security concerns (Bartsch, 2011; Bulgurcu et al., 2010; Keramati and Mirian-Hosseinabadi, 2008; Weir et al., 2017). Not only is it important to have developers engaged in the secure development of software, but stakeholders and customers should also be involved (Bartsch, 2011).…”
Section: Strategies and Relationships
Citation type: mentioning
confidence: 99%