“ImmediateShortTerm3MthsAfterThatLOL”: Developer secure-coding sentiment, practice and culture in organisations
| dc.contributor.author | Ryan, Ita | en |
| dc.contributor.author | Roedig, Utz | en |
| dc.contributor.author | Stol, Klaas-Jan | en |
| dc.contributor.funder | Science Foundation Ireland | en |
| dc.date.accessioned | 2025-02-07T14:54:48Z | |
| dc.date.available | 2025-02-07T14:54:48Z | |
| dc.date.issued | 2025-05 | en |
| dc.description.abstract | As almost all areas of human endeavour undergo rapid digital transformation, secure coding is increasingly important to personal, commercial and national security. Yet studies have shown that software developers do not always prioritise or even understand security. Our large survey of organically sourced coders (n=863) examines how software developers currently experience secure coding in the workplace. We found that developers express an interest in secure coding, display basic security knowledge, and turn to their managers and teams first for help with security concerns. We found that developer secure coding sentiment and security practice do not correlate with organisational statistics such as size, but do correlate weakly with measures of security culture, indicating that organisational security support goes hand-in-hand with secure development. Most developers would look for help in-house if they had security concerns. Investigating the effects of code breaches, we found that for almost half of cases, code security does not increase, or increases only for a short time. | en |
| dc.description.sponsorship | Science Foundation Ireland (13/RC/2094-P2) | en |
| dc.description.status | Peer reviewed | en |
| dc.description.version | Accepted Version | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.citation | Ryan, I., Roedig, U. and Stol, K.-J. (2025) '“ImmediateShortTerm3MthsAfterThatLOL”: Developer secure-coding sentiment, practice and culture in organisations', 47th International Conference on Software Engineering (ICSE 2025), 27 April - 3 May, Ottawa, Canada. | en |
| dc.identifier.endpage | 12 | en |
| dc.identifier.startpage | 1 | en |
| dc.identifier.uri | https://hdl.handle.net/10468/17008 | |
| dc.language.iso | en | en |
| dc.relation.ispartof | 47th International Conference on Software Engineering (ICSE 2025), 27 April - 3 May, Ottawa, Canada. | en |
| dc.relation.project | 13/RC/2094-P2 | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Centres for Research Training Programme::Data and ICT Skills for the Future/18/CRT/6222/IE/SFI Centre for Research Training in Advanced Networks for Sustainable Societies/ | en |
| dc.rights | © 2025, the Authors. For the purpose of Open Access, the authors have applied a CC-BY public copyright license to any Author Accepted Manuscript version arising from this submission. | en |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | en |
| dc.subject | Rapid digital transformation | en |
| dc.subject | Secure coding | en |
| dc.title | “ImmediateShortTerm3MthsAfterThatLOL”: Developer secure-coding sentiment, practice and culture in organisations | en |
| dc.type | Conference item | en |
