A survey on developer-centred security

M Tahaei, K Vaniea - 2019 IEEE European Symposium on …, 2019 - ieeexplore.ieee.org
Software developers are key players in the security ecosystem as they produce code that
runs on millions of devices. Yet we continue to see insecure code being developed and …

Human factors in security research: Lessons learned from 2008-2018

M Kaur, M van Eeten, M Janssen, K Borgolte… - arXiv preprint arXiv …, 2021 - arxiv.org
Instead of only considering technology, computer security research now strives to also take
into account the human factor by studying regular users and, to a lesser extent, experts like …

Privacy champions in software teams: Understanding their motivations, strategies, and challenges

M Tahaei, A Frik, K Vaniea - Proceedings of the 2021 CHI Conference …, 2021 - dl.acm.org
Software development teams are responsible for making and implementing software design
decisions that directly impact end-user privacy, a challenging task to do well. Privacy …

“They're not that hard to mitigate”: What cryptographic library developers think about timing attacks

J Jancar, M Fourné, DDA Braga, M Sabt… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Timing attacks are among the most devastating side-channel attacks, allowing remote
attackers to retrieve secret material, including cryptographic keys, with relative ease. In …

"Always Contribute Back": A Qualitative Study on Security Challenges of the Open Source Supply Chain

D Wermke, JH Klemmer, N Wöhler… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Open source components are ubiquitous in companies' setups, processes, and software.
Utilizing these external components as building blocks enables companies to leverage the …

The cyber security body of knowledge

D Basin - University of Bristol, ch. Formal Methods for, 2021 - cybok.org
The CyBOK project would like to understand how the CyBOK is being used and its uptake.
The project would like organisations using, or intending to use, CyBOK for the purposes of …

How does usable security (not) end up in software products? results from a qualitative interview study

M Gutfleisch, JH Klemmer, N Busch… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
For software to be secure in practice, users need to be willing and able to appropriately use
security features. These features are usually implemented by software professionals during …

Understanding security mistakes developers make: Qualitative analysis from build it, break it, fix it

D Votipka, KR Fulton, J Parker, M Hou… - 29th USENIX Security …, 2020 - usenix.org
Secure software development is a challenging task requiring consideration of many possible
threats and mitigations. This paper investigates how and why programmers, despite a …

An Ethnographic Understanding of Software (In)Security and a Co-Creation Model to Improve Secure Software Development

H Palombo, AZ Tabari, D Lende, J Ligatti… - Sixteenth Symposium on …, 2020 - usenix.org
We present an ethnographic study of secure software development processes in a software
company using the anthropological research method of participant observation. Two PhD …

Where to recruit for security development studies: Comparing six software developer samples

H Kaur, S Klivan, D Votipka, Y Acar, S Fahl - 31st USENIX Security …, 2022 - usenix.org
Studying developers is an important aspect of usable security and privacy research. In
particular, studying security development challenges such as the usability of security APIs …