Understanding developer security archetypes
| dc.contributor.author | Ryan, Ita | |
| dc.contributor.author | Roedig, Utz | |
| dc.contributor.author | Stol, Klaas-Jan | |
| dc.contributor.funder | Science Foundation Ireland | en |
| dc.date.accessioned | 2021-07-13T11:46:49Z | |
| dc.date.available | 2021-07-13T11:46:49Z | |
| dc.date.issued | 2021-06 | |
| dc.date.updated | 2021-07-13T11:33:46Z | |
| dc.description.abstract | As software systems penetrate our everyday lives, security has risen to be a key concern. Despite decades of research leading to new tools and practices for writing secure code, achieving security as a key attribute remains highly challenging. We observe that much of the literature considers developers to be homogeneous and interchangeable. The differing circumstances of developers that might play a role in the writing of secure code have not been clearly defined. In this position paper we introduce the concept of developer security archetypes. Specifically, we suggest two key factors: developersâ personal interest in security, and the support that developers receive from their environment. Together, these two dimensions define four archetypes which can be uniquely characterized. By distinguishing developer archetypes, we seek to better understand how developers perceive security-related issues in systems development, as well as how to better support them. | en |
| dc.description.sponsorship | Science Foundation Ireland (SFI Grant numbers 18/CRT/6222, 13/RC/2077_P2, 13/RC/2094_P2, and 15/SIRG/3293) | en |
| dc.description.status | Peer reviewed | en |
| dc.description.version | Accepted Version | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.citation | Ryan, I., Roedig, U. and Stol, K. J. (2021) 'Understanding Developer Security Archetypes', 2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS), Madrid, Spain, 3-4 June 2021, pp. 37-40. doi: 10.1109/EnCyCriS52570.2021.00013 | en |
| dc.identifier.doi | 10.1109/EnCyCriS52570.2021.00013 | en |
| dc.identifier.endpage | 40 | en |
| dc.identifier.isbn | 978-1-6654-4553-5 | |
| dc.identifier.startpage | 37 | en |
| dc.identifier.uri | https://hdl.handle.net/10468/11563 | |
| dc.language.iso | en | en |
| dc.publisher | Institute of Electrical and Electronics Engineers, IEEE | en |
| dc.relation.ispartof | 2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) | |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Research Centres/13/RC/2077/IE/CONNECT: The Centre for Future Networks & Communications/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Research Centres/13/RC/2094/IE/Lero - the Irish Software Research Centre/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Starting Investigator Research Grant (SIRG)/15/SIRG/3293/IE/Software Development with Alternative Workforces/ | en |
| dc.relation.uri | https://ieeexplore.ieee.org/document/9476058 | |
| dc.rights | For the purpose of Open Access, the authors have applied a CC BY public copyright licence to this Author Accepted Manuscript; Copyright published version: © 2021, the Authors. | en |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | en |
| dc.subject | Developer centred security | en |
| dc.subject | Archetype | en |
| dc.subject | Developer security | en |
| dc.subject | Software security | en |
| dc.subject | Developer | en |
| dc.subject | Training | en |
| dc.subject | Systematics | en |
| dc.subject | Conferences | en |
| dc.subject | Human factors | en |
| dc.subject | Tools | en |
| dc.subject | Writing | en |
| dc.subject | Software systems | en |
| dc.title | Understanding developer security archetypes | en |
| dc.type | Conference item | en |
