Measuring Developers' Software Security Skills, Usage, and Training Needs

2022 ◽  
pp. 2026-2048
Author(s):  
Tosin Daniel Oyetoyan ◽  
Martin Gilje Gilje Jaatun ◽  
Daniela Soares Cruzes
Keyword(s):  
Software Development ◽  
Software Security ◽  
Training Needs ◽  
Theoretical Background ◽  
Practical Skills ◽  
Divine Intervention ◽  
Development Organizations ◽  
Secure Software ◽  
Training Need ◽  
And Training

Software security does not emerge fully formed by divine intervention in deserving software development organizations; it requires that developers have the required theoretical background and practical skills to enable them to write secure software, and that the software security activities are actually performed, not just documented procedures that sit gathering dust on a shelf. In this chapter, the authors present a survey instrument that can be used to investigate software security usage, competence, and training needs in agile organizations. They present results of using this instrument in two organizations. They find that regardless of cost or benefit, skill drives the kind of activities that are performed, and secure design may be the most important training need.

Measuring Developers' Software Security Skills, Usage, and Training Needs

2019 ◽  
pp. 260-286 ◽  
Author(s):  
Tosin Daniel Oyetoyan ◽  
Martin Gilje Gilje Jaatun ◽  
Daniela Soares Cruzes
Keyword(s):  
Software Development ◽  
Software Security ◽  
Training Needs ◽  
Theoretical Background ◽  
Practical Skills ◽  
Divine Intervention ◽  
Development Organizations ◽  
Secure Software ◽  
Training Need ◽  
And Training

Software security does not emerge fully formed by divine intervention in deserving software development organizations; it requires that developers have the required theoretical background and practical skills to enable them to write secure software, and that the software security activities are actually performed, not just documented procedures that sit gathering dust on a shelf. In this chapter, the authors present a survey instrument that can be used to investigate software security usage, competence, and training needs in agile organizations. They present results of using this instrument in two organizations. They find that regardless of cost or benefit, skill drives the kind of activities that are performed, and secure design may be the most important training need.

A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams

2017 ◽  
Vol 8 (1) ◽  
pp. 1-27 ◽  
Author(s):  
Tosin Daniel Oyetoyan ◽  
Martin Gilje Jaatun ◽  
Daniela Soares Cruzes
Keyword(s):  
Software Security ◽  
Training Needs ◽  
Engineering Process ◽  
Application Security ◽  
Security Practices ◽  
Abstract Level ◽  
Agile Software ◽  
Training Need ◽  
And Training ◽  
Agile Teams

Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run counter to the agile values, and agile teams have thus approached software security activities in their own way. To improve security within agile settings requires that management understands the current practices of software security activities within their agile teams. In this study, the authors have used a survey instrument to investigate software security usage, competence, and training needs in two agile organizations. They find that (1) The two organizations perform differently in terms of core software security activities, but are similar when secondary activities that could be leveraged for security are considered (2) regardless of cost or benefit, skill drives the kind of activities that are performed (3) Secure design is expressed as the most important training need by all groups in both organizations (4) Effective software security adoption in agile setting is not automatic, it requires a driver.

scholarly journals Software Development Initiatives to Identify and Mitigate Security Threats - Two Systematic Mapping Studies

2016 ◽  
Author(s):  
Paulina Silva ◽  
René Noël ◽  
Santiago Matalonga ◽  
Hernán Astudillo ◽  
Diego Gatica ◽  
...  
Keyword(s):  
Software Development ◽  
Software Security ◽  
The Other ◽  
Software Systems ◽  
Security Threats ◽  
Controlled Experiments ◽  
Systematic Mapping ◽  
Development Lifecycle ◽  
Secure Software ◽  
Software Development Lifecycle

Software Security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives to achieve secure software systems. However, most of these lack empirical evidence of its application and impact in building secure software systems. Two systematic mapping studies (SM) have been conducted to cover the existent initiatives for identification and mitigation of security threats. The SMs created were executed in two steps, first in 2015 July, and complemented through a backward snowballing in 2016 July. Integrated results of these two SM studies show a total of 30 relevant sources were identified; 17 different initiatives covering threats identification and 14 covering the mitigation of threats were found. All the initiatives were associated to at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of its results through controlled experiments, some of the other selected studies presented case studies or proposals.

A Survey on Secure Software Development Lifecycles

2014 ◽  
pp. 17-33
Author(s):  
José Fonseca ◽  
Marco Vieira
Keyword(s):  
Software Development ◽  
Software Security ◽  
Software Products ◽  
Development Lifecycle ◽  
Software Product ◽  
Secure Software ◽  
Secure Software Development ◽  
Software Development Practices ◽  
Complete Solutions ◽  
The Web

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web, with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices, which can be used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.

A Survey on Secure Software Development Lifecycles

2013 ◽  
pp. 57-73 ◽  
Author(s):  
José Fonseca ◽  
Marco Vieira
Keyword(s):  
Software Development ◽  
Software Security ◽  
Software Products ◽  
Development Lifecycle ◽  
Software Product ◽  
Secure Software ◽  
Secure Software Development ◽  
Software Development Practices ◽  
Complete Solutions ◽  
The Web

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web, with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices, which can be used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.

scholarly journals A Case-based Management System for Secure Software Development Using Software Security Knowledge

2015 ◽  
Vol 60 ◽  
pp. 1092-1100 ◽  
Author(s):  
Masahito Saito ◽  
Atsuo Hazeyama ◽  
Nobukazu Yoshioka ◽  
Takanori Kobashi ◽  
Hironori Washizaki ◽  
...  
Keyword(s):  
Software Development ◽  
Management System ◽  
Software Security ◽  
Secure Software ◽  
Secure Software Development ◽  
Case Based

scholarly journals Practical Skills of Rhythmic Gymnastics Judges

2013 ◽  
Vol 39 (1) ◽  
pp. 243-249 ◽  
Author(s):  
Maria A. Fernandez-Villarino ◽  
Marta Bobo-Arce ◽  
Elena Sierra-Palmeiro
Keyword(s):  
Training Needs ◽  
Assessment Process ◽  
Practical Skills ◽  
Initial Training ◽  
Technical Parameters ◽  
Training Models ◽  
Effective Professional Development ◽  
Self Confidence ◽  
Rhythmic Gymnastics ◽  
And Training

Abstract The aim of this study was to analyze the practical skills of rhythmic gymnastics judges and to identify how their degree and experience influence the assessment of these skills. Sixty one rhythmic gymnastics judges participated in the study. A questionnaire was used for data collection. This tool was composed of 28 questions and divided into six categories: identification, experience, initial training, continuing education, skills and training needs. The results suggest that the most valued skills are those related to the sport´s technical parameters and the ability to adapt to any level of competition with self-confidence and self-assuredness. Significant differences were found regarding the variables for: the ability to communicate (p = 0.002) and for the ability to observe, identify and register performance (p = 0.005). The results showed that experience was not a decisive factor in assessing skills. This study thus presents evidence that rhythmic gymnastics judges must implement and optimise a set of skills that contribute to the effectiveness of the assessment process. These findings might help in the design of programs and training models that contribute to effective professional development.

Towards a Security Competence of Software Developers

2022 ◽  
pp. 2050-2064
Author(s):  
Nana Assyne
Keyword(s):  
Software Development ◽  
Software Security ◽  
Daily Basis ◽  
Software Developers ◽  
Body Of Knowledge ◽  
Secure Software ◽  
Full Knowledge ◽  
Software Engineers ◽  
Secure Software Development ◽  
The Common

Software growth has been explosive as people depend heavily on software on daily basis. Software development is a human-intensive effort, and developers' competence in software security is essential for secure software development. In addition, ubiquitous computing provides an added complexity to software security. Studies have treated security competences of software developers as a subsidiary of security engineers' competence instead of software engineers' competence, limiting the full knowledge of the security competences of software developers. This presents a crucial challenge for developers, educators, and users to maintain developers' competences in security. As a first step in pushing for the developers' security competence studies, this chapter utilises a literature review to identify the security competences of software developers. Thirteen security competences of software developers were identified and mapped to the common body of knowledge for information security professional framework. Lastly, the implications for, with, and without the competences are analysed and presented.

Sign in / Sign up

Export Citation Format

Share Document