A Survey on Developer-Centred Security

Mohammad Tahaei; Kami Vaniea

doi:10.1109/EuroSPW.2019.00021

A Survey on Developer-Centred Security

Mohammad Tahaei, Kami Vaniea

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Software developers are key players in the security ecosystem as they produce code that runs on millions of devices. Yet we continue to see insecure code being developed and deployed on a regular basis despite the existence of support infrastructures, tools, and research into common errors. This work provides a systematised overview of the relatively new field of Developer-Centred Security which aims to understand the context in which developers produce security-relevant code as well as provide tools and processes that that better support both developers and secure code production. We report here on a systematic literature review of 49 publications on security studies with software developer participants. We provide an overview of both the types of methodologies currently being used as well as the current research in the area. Finally, we also provide recommendations for future work in Developer-Centred Security.

Original language	English
Title of host publication	2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Place of Publication	Stockholm, Sweden
Publisher	Institute of Electrical and Electronics Engineers
Pages	129-138
Number of pages	10
ISBN (Electronic)	978-1-7281-3026-2
ISBN (Print)	978-1-7281-3027-9
DOIs	https://doi.org/10.1109/EuroSPW.2019.00021
Publication status	Published - 19 Aug 2019
Event	4th European Workshop on Usable Security - Stockholm, Sweden Duration: 20 Jun 2019 → 20 Jun 2019 https://eusec.cs.uchicago.edu/

Workshop

Workshop	4th European Workshop on Usable Security
Abbreviated title	EuroUSEC 2019
Country/Territory	Sweden
City	Stockholm
Period	20/06/19 → 20/06/19
Internet address	https://eusec.cs.uchicago.edu/

Keywords / Materials (for Non-textual outputs)

usable security and privacy
developer centered security
developers
software development
human factors
human computer interaction
Computer Security
systematic literature review
survey

Access to Document

10.1109/EuroSPW.2019.00021Licence: All Rights Reserved

tahaei2019Accepted author manuscript, 216 KB

https://ieeexplore.ieee.org/document/8802434Licence: All Rights Reserved

Cite this

@inproceedings{475a7854408e495c9034ae8e9d33fc53,

title = "A Survey on Developer-Centred Security",

abstract = "Software developers are key players in the security ecosystem as they produce code that runs on millions of devices. Yet we continue to see insecure code being developed and deployed on a regular basis despite the existence of support infrastructures, tools, and research into common errors. This work provides a systematised overview of the relatively new field of Developer-Centred Security which aims to understand the context in which developers produce security-relevant code as well as provide tools and processes that that better support both developers and secure code production. We report here on a systematic literature review of 49 publications on security studies with software developer participants. We provide an overview of both the types of methodologies currently being used as well as the current research in the area. Finally, we also provide recommendations for future work in Developer-Centred Security.",

keywords = "usable security and privacy, developer centered security, developers, software development, human factors, human computer interaction, Computer Security, systematic literature review, survey",

author = "Mohammad Tahaei and Kami Vaniea",

year = "2019",

month = aug,

day = "19",

doi = "10.1109/EuroSPW.2019.00021",

language = "English",

isbn = "978-1-7281-3027-9",

pages = "129--138",

booktitle = "2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "4th European Workshop on Usable Security, EuroUSEC 2019 ; Conference date: 20-06-2019 Through 20-06-2019",

url = "https://eusec.cs.uchicago.edu/",

}

TY - GEN

T1 - A Survey on Developer-Centred Security

AU - Tahaei, Mohammad

AU - Vaniea, Kami

PY - 2019/8/19

Y1 - 2019/8/19

N2 - Software developers are key players in the security ecosystem as they produce code that runs on millions of devices. Yet we continue to see insecure code being developed and deployed on a regular basis despite the existence of support infrastructures, tools, and research into common errors. This work provides a systematised overview of the relatively new field of Developer-Centred Security which aims to understand the context in which developers produce security-relevant code as well as provide tools and processes that that better support both developers and secure code production. We report here on a systematic literature review of 49 publications on security studies with software developer participants. We provide an overview of both the types of methodologies currently being used as well as the current research in the area. Finally, we also provide recommendations for future work in Developer-Centred Security.

AB - Software developers are key players in the security ecosystem as they produce code that runs on millions of devices. Yet we continue to see insecure code being developed and deployed on a regular basis despite the existence of support infrastructures, tools, and research into common errors. This work provides a systematised overview of the relatively new field of Developer-Centred Security which aims to understand the context in which developers produce security-relevant code as well as provide tools and processes that that better support both developers and secure code production. We report here on a systematic literature review of 49 publications on security studies with software developer participants. We provide an overview of both the types of methodologies currently being used as well as the current research in the area. Finally, we also provide recommendations for future work in Developer-Centred Security.

KW - usable security and privacy

KW - developer centered security

KW - developers

KW - software development

KW - human factors

KW - human computer interaction

KW - Computer Security

KW - systematic literature review

KW - survey

UR - https://doi.org/10.7488/ds/2535

U2 - 10.1109/EuroSPW.2019.00021

DO - 10.1109/EuroSPW.2019.00021

M3 - Conference contribution

SN - 978-1-7281-3027-9

SP - 129

EP - 138

BT - 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

PB - Institute of Electrical and Electronics Engineers

CY - Stockholm, Sweden

T2 - 4th European Workshop on Usable Security

Y2 - 20 June 2019 through 20 June 2019

ER -

A Survey on Developer-Centred Security

Abstract

Workshop

Keywords / Materials (for Non-textual outputs)

Access to Document

Other files and links

Fingerprint

Improving the Usability of TLS APIs