Understanding developer security archetypes

Ryan, Ita
Roedig, Utz
Stol, Klaas-Jan
As software systems penetrate our everyday lives, security has risen to be a key concern. Despite decades of research leading to new tools and practices for writing secure code, achieving security as a key attribute remains highly challenging. We observe that much of the literature considers developers to be homogeneous and interchangeable. The differing circumstances of developers that might play a role in the writing of secure code have not been clearly defined. In this position paper we introduce the concept of developer security archetypes. Specifically, we suggest two key factors: developers' personal interest in security, and the support that developers receive from their environment. Together, these two dimensions define four archetypes which can be uniquely characterized. By distinguishing developer archetypes, we seek to better understand how developers perceive security-related issues in systems development, as well as how to better support them.
Developer centred security, Archetype, Developer security, Software security, Developer, Training, Systematics, Conferences, Human factors, Tools, Writing, Software systems
Ryan, I., Roedig, U. and Stol, K. J. (2021) 'Understanding Developer Security Archetypes', 2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS), Madrid, Spain, 3-4 June 2021, pp. 37-40. doi: 10.1109/EnCyCriS52570.2021.00013