The state of secure coding practice: Small organisations and “lone, rogue coders”

cb
Thumbnail Image
Files
Date
2023-05
Authors
Ryan, Ita
Stol, Klaas-Jan
Roedig, Utz
Journal Title
Journal ISSN
Volume Title
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Published Version
10.1109/EnCyCriS59249.2023.00010
Research Projects
Organizational Units
Journal Issue
Abstract
Software security is a rapidly developing problem. Malware, ransomware and spyware routinely leverage vulnerabilities in software to gain access to systems, escalate privileges and run adversarial code. One approach to solving this issue is to use secure software methods, which attempt to guide organisations in improving their software assurance. However, these methods implicitly assume the presence of substantial resources deployed in a compliance-mandated environment. The distinct and often limited environment in which small organisations, independent teams and lone coders operate is not considered. Advice for software security in small teams is almost absent from the literature, as is a way to measure the levels of secure coding in such teams. In order to address this problem, we must begin by understanding it. As part of the analysis of a large survey on current software security practice, we examined the current software security practices of small and open source organisations, and of lone and non-company developers. We present our results in this paper. We hope that they will facilitate the targeting of security advice to these neglected developer categories.
Description
Keywords
Software security , Secure development tools , Secure development processes , Secure development , Software programmer , Software developer , Application security , Security issue , Secure programming , Secure application development , Secure development lifecycle , Measuring security
Citation
Ryan, I., Stol, K.-J. and Roedig, U. (2023) ‘The state of secure coding practice: small organisations and “lone, rogue coders”’, in 2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS). Melbourne, Australia: IEEE, pp. 37–44. https://doi.org/10.1109/EnCyCriS59249.2023.00010
Link to publisher’s version
https://doi.org/10.1109/EnCyCriS59249.2023.00010
URI
https://hdl.handle.net/10468/14709
Collections
Computer Science - Conference Items
Copyright
© 2023, the Authors. For the purpose of Open Access, the authors have applied a CC-BY public copyright licence to any Author Accepted Manuscript version arising from this submission. Copyright of Published VOR: © IEEE