2019 IEEE/ACM Joint 7th International Workshop on Conducting Empirical Studies in Industry (CESI) and 6th International Worksho 2019
DOI: 10.1109/cesser-ip.2019.00014
|View full text |Cite
|
Sign up to set email alerts
|

Talking About Security with Professional Developers

Abstract: This paper describes materials developed to engage professional developers in discussions about security. First, the work is framed in the context of ethnographic studies of software development, highlighting how the method is used to explore and investigate research aims for the Motivating Jenny research project. A description is given of a series of practitioner engagements, that were used to develop a reflection and discussion tool using security stories taken from media and internet sources. An explanation… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
7
0

Year Published

2020
2020
2023
2023

Publication Types

Select...
4
3
1

Relationship

0
8

Authors

Journals

citations
Cited by 15 publications
(7 citation statements)
references
References 23 publications
0
7
0
Order By: Relevance
“…To encourage developer security, there is a need to raise developers' security awareness [127]. This was achieved using playful workshops [128]. However, awareness is only the first step [129], as individuals need to be supported through training to have the ability to perform the expected behavior.…”
Section: Figure 2 Threat Modeling Process [61]mentioning
confidence: 99%
“…To encourage developer security, there is a need to raise developers' security awareness [127]. This was achieved using playful workshops [128]. However, awareness is only the first step [129], as individuals need to be supported through training to have the ability to perform the expected behavior.…”
Section: Figure 2 Threat Modeling Process [61]mentioning
confidence: 99%
“…Hall et al (2008) framed these motivators as 'intrinsic', relating them to self-determination theory (Herzberg 2017). Lopez et al (2019a) concluded that to encourage developer security there is a need to "raise developers' security awareness;" they successfully used 'playful workshops' to do so (Lopez et al 2019b).…”
Section: Motivating Change In Development Teamsmentioning
confidence: 99%
“…Their studies highlighted that most developers might have an attitude that security is someone else's responsibility [35], or perceive it as a hindrance [36], or in contrast, consider security to be a shared responsibility [38]. Furthermore, other researchers also emphasized that interaction through a gamification approach is an effective tool to engage developers in security practices as developers often enjoy the physical aspects of a game [39].…”
Section: Related Workmentioning
confidence: 99%
“…As a result, developers can introduce vulnerabilities into the source code, assuming that frameworks or libraries properly handle security by default. Additionally, Lopez et al [39] highlighted that public incidents enable information trading and risk awareness. Developers usually build awareness by expanding on technical information and providing additional scenarios and examples from their personal experiences.…”
Section: D26mentioning
confidence: 99%