The state of secure coding practice: Small organisations and “lone, rogue coders”

Loading...
Thumbnail Image
Files
Date
2023-05
Authors
Ryan, Ita
Stol, Klaas-Jan
Roedig, Utz
Journal Title
Journal ISSN
Volume Title
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Research Projects
Organizational Units
Journal Issue
Abstract
Software security is a rapidly developing problem. Malware, ransomware and spyware routinely leverage vulnerabilities in software to gain access to systems, escalate privileges and run adversarial code. One approach to solving this issue is to use secure software methods, which attempt to guide organisations in improving their software assurance. However, these methods implicitly assume the presence of substantial resources deployed in a compliance-mandated environment. The distinct and often limited environment in which small organisations, independent teams and lone coders operate is not considered. Advice for software security in small teams is almost absent from the literature, as is a way to measure the levels of secure coding in such teams. In order to address this problem, we must begin by understanding it. As part of the analysis of a large survey on current software security practice, we examined the current software security practices of small and open source organisations, and of lone and non-company developers. We present our results in this paper. We hope that they will facilitate the targeting of security advice to these neglected developer categories.
Description
Keywords
Software security , Secure development tools , Secure development processes , Secure development , Software programmer , Software developer , Application security , Security issue , Secure programming , Secure application development , Secure development lifecycle , Measuring security
Citation
Ryan, I., Stol, K.-J. and Roedig, U. (2023) ‘The state of secure coding practice: small organisations and “lone, rogue coders”’, in 2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS). Melbourne, Australia: IEEE, pp. 37–44. https://doi.org/10.1109/EnCyCriS59249.2023.00010