Training developers to code securely: Theory and practice
| dc.contributor.author | Ryan, Ita | en |
| dc.contributor.author | Roedig, Utz | en |
| dc.contributor.author | Stol, Klaas-Jan | en |
| dc.contributor.funder | Science Foundation Ireland | en |
| dc.date.accessioned | 2024-09-02T09:51:19Z | |
| dc.date.available | 2024-09-02T09:51:19Z | |
| dc.date.issued | 2024-08-26 | en |
| dc.description.abstract | Software security is essential. Flaws in software design and coding produce vulnerabilities that can be exploited by hostile actors, resulting in ransomware, espionage and the hacking of critical infrastructure. Meanwhile, DevOps and continuous integration introduce speed imperatives, often bypassing traditional security gates. Software security responsibility is increasingly shifting to software developers. Industry insiders advise that this extra responsibility should be accompanied by developer training. But is it? Analysis of what constitutes good software security training is sparse, and there is little information on the amount and quality of training actually offered to developers in industry. We analyse recent literature to find the positive features of effective secure development training. We examine training information from a large developer survey (n=962) to assess how training in the field matches key positive features. We find that while some developers experience excellent secure-coding training, others receive inadequate training, and the majority receive none. | en |
| dc.description.status | Peer reviewed | en |
| dc.description.version | Published Version | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.citation | Ryan, I., Roedig, U. and Stol, K.-J. (2024) 'Code Securely: Theory and Practice', In 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) and 2024 IEEE/ACM Second International Workshop on Software Vulnerability (EnCyCriS/SVM ’24), April 15, 2024, Lisbon, Portugal. ACM, New York, NY, USA, (8 pp). https://doi.org/10.1145/3643662.3643956 | en |
| dc.identifier.doi | 10.1145/3643662.3643956 | en |
| dc.identifier.endpage | 8 | en |
| dc.identifier.isbn | 979-8-4007-0565-6 | en |
| dc.identifier.startpage | 1 | en |
| dc.identifier.uri | https://hdl.handle.net/10468/16243 | |
| dc.language.iso | en | en |
| dc.publisher | ACM | en |
| dc.relation.ispartof | 2024 ACM/IEEE 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS) | en |
| dc.relation.ispartof | 2024 IEEE/ACM Second International Workshop on Software Vulnerability (EnCyCriS/SVM ’24) | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Centres for Research Training Programme::Data and ICT Skills for the Future/18/CRT/6222/IE/SFI Centre for Research Training in Advanced Networks for Sustainable Societies/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Research Centres Programme::Phase 2/13/RC/2077_P2/IE/CONNECT_Phase 2/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Research Centres Programme::Phase 2/13/RC/2094_P2/IE/Lero_Phase 2/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Starting Investigator Research Grant (SIRG)/15/SIRG/3293/IE/Software Development with Alternative Workforces/ | en |
| dc.rights | © 2024 Copyright held by the owner/author(s). This work licensed under Creative Commons Attribution International 4.0 License | en |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | en |
| dc.subject | Secure software development | en |
| dc.subject | Security | en |
| dc.subject | Secure coding training | en |
| dc.title | Training developers to code securely: Theory and practice | en |
| dc.type | Article (peer-reviewed) | en |
| dc.type | Conference item | en |
