The state of secure coding practice: Small organisations and “lone, rogue coders”
| dc.contributor.author | Ryan, Ita | en |
| dc.contributor.author | Stol, Klaas-Jan | en |
| dc.contributor.author | Roedig, Utz | en |
| dc.contributor.funder | Science Foundation Ireland | en |
| dc.date.accessioned | 2023-07-11T10:24:01Z | |
| dc.date.available | 2023-07-11T10:24:01Z | |
| dc.date.issued | 2023-05 | en |
| dc.description.abstract | Software security is a rapidly developing problem. Malware, ransomware and spyware routinely leverage vulnerabilities in software to gain access to systems, escalate privileges and run adversarial code. One approach to solving this issue is to use secure software methods, which attempt to guide organisations in improving their software assurance. However, these methods implicitly assume the presence of substantial resources deployed in a compliance-mandated environment. The distinct and often limited environment in which small organisations, independent teams and lone coders operate is not considered. Advice for software security in small teams is almost absent from the literature, as is a way to measure the levels of secure coding in such teams. In order to address this problem, we must begin by understanding it. As part of the analysis of a large survey on current software security practice, we examined the current software security practices of small and open source organisations, and of lone and non-company developers. We present our results in this paper. We hope that they will facilitate the targeting of security advice to these neglected developer categories. | en |
| dc.description.sponsorship | Science Foundation Ireland (13/RC/2077 P2; 13/RC/2094 P2) | en |
| dc.description.status | Peer reviewed | en |
| dc.description.version | Accepted Version | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.citation | Ryan, I., Stol, K.-J. and Roedig, U. (2023) ‘The state of secure coding practice: small organisations and “lone, rogue coders”’, in 2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS). Melbourne, Australia: IEEE, pp. 37–44. https://doi.org/10.1109/EnCyCriS59249.2023.00010 | en |
| dc.identifier.doi | 10.1109/EnCyCriS59249.2023.00010 | |
| dc.identifier.endpage | 30 | |
| dc.identifier.isbn | 979-8-3503-3815-7 | |
| dc.identifier.startpage | 23 | |
| dc.identifier.uri | https://hdl.handle.net/10468/14709 | |
| dc.language.iso | en | en |
| dc.publisher | Institute of Electrical and Electronics Engineers (IEEE) | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Centres for Research Training Programme::Data and ICT Skills for the Future/18/CRT/6222/IE/SFI Centre for Research Training in Advanced Networks for Sustainable Societies/ | en |
| dc.relation.project | info:eu-repo/grantAgreement/SFI/SFI Starting Investigator Research Grant (SIRG)/15/SIRG/3293/IE/Software Development with Alternative Workforces/ | en |
| dc.relation.uri | https://doi.org/10.1109/EnCyCriS59249.2023.00010 | |
| dc.rights | © 2023, the Authors. For the purpose of Open Access, the authors have applied a CC-BY public copyright licence to any Author Accepted Manuscript version arising from this submission. Copyright of Published VOR: © IEEE | en |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | en |
| dc.subject | Software security | en |
| dc.subject | Secure development tools | en |
| dc.subject | Secure development processes | en |
| dc.subject | Secure development | en |
| dc.subject | Software programmer | en |
| dc.subject | Software developer | en |
| dc.subject | Application security | en |
| dc.subject | Security issue | en |
| dc.subject | Secure programming | en |
| dc.subject | Secure application development | en |
| dc.subject | Secure development lifecycle | en |
| dc.subject | Measuring security | en |
| dc.title | The state of secure coding practice: Small organisations and “lone, rogue coders” | en |
| dc.type | Conference item | en |
