Understanding developer security archetypes

Files
Ryan.pdf (281.14 KB)
Accepted version
Date
2021-06
Authors
Ryan, Ita
Roedig, Utz
Stol, Klaas-Jan
Publisher
Institute of Electrical and Electronics Engineers, IEEE
Abstract
As software systems penetrate our everyday lives, security has risen to be a key concern. Despite decades of research leading to new tools and practices for writing secure code, achieving security as a key attribute remains highly challenging. We observe that much of the literature considers developers to be homogeneous and interchangeable. The differing circumstances of developers that might play a role in the writing of secure code have not been clearly defined. In this position paper we introduce the concept of developer security archetypes. Specifically, we suggest two key factors: developers' personal interest in security, and the support that developers receive from their environment. Together, these two dimensions define four archetypes which can be uniquely characterized. By distinguishing developer archetypes, we seek to better understand how developers perceive security-related issues in systems development, as well as how to better support them.
Keywords
Developer centred security, Archetype, Developer security, Software security, Developer, Training, Systematics, Conferences, Human factors, Tools, Writing, Software systems
Citation
Ryan, I., Roedig, U. and Stol, K. J. (2021) 'Understanding Developer Security Archetypes', 2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS), Madrid, Spain, 3-4 June 2021, pp. 37-40. doi: 10.1109/EnCyCriS52570.2021.00013