I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security

Weir, Charles; Rashid, Awais; Noble, James

doi:10.14722/eurousec.2017.23002

Cited by 12 publications

(6 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Research has suggested that "challenge" talk between developers, rather than formal processes or artefacts, is the best way to develop techniques for security among developers [37]. Developers in this set do challenge each other, but do not, in the main, identify themselves in comments as upholding security or protecting code from attackers.…”

Section: B Tending To Securitymentioning

confidence: 99%

An Anatomy of Security Conversations in Stack Overflow

López

Tun

Bandara

et al. 2019

2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS)

View full text Add to dashboard Cite

As software-intensive digital systems become an integral part of modern life, ensuring that these systems are developed to satisfy security and privacy requirements is an increasingly important societal concern. This paper examines how secure coding practice is supported on Stack Overflow. Although there are indications that on-line environments are not robust or accurate sources of security information, they are used by large numbers of developers. Findings demonstrate that developers use conversation within the site to actively connect with and tend to security problems, fostering knowledge, exchanging information and providing assistance to one another.

show abstract

Section: B Tending To Securitymentioning

confidence: 99%

An Anatomy of Security Conversations in Stack Overflow

López

Tun

Bandara

et al. 2019

2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS)

View full text Add to dashboard Cite

show abstract

“…Another coding game, Code Defenders [8], was primarily designed for crowed-sourcing purposes but also served in training [9]. In [10,11], the authors advocate the use of dialectics and games for raising developers' security. Gamifications within software engineering has been studied and used [12], for example as a means to incite developers to remove compilers warning [13].…”

Section: Introductionmentioning

confidence: 99%

Games and Learning Alliance

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The cyber security context requires to better understand how developers write (in)secure code and to assist them in their software developments. We have developed a secure coding experiment and serious game intervention. In this paper, we report on the design of a serious game to investigate developercentred security. We used a combination of approaches to shape discussions and support the serious game co-creation.

show abstract

“…Strategies should be able to evolve with minimal resistance in order to respond to the ever-changing threat landscape (Dove, 2011). Compliance with such strategies and policies can be driven promoting awareness of InfoSec concerns, providing developers with necessary skills, fostering a team culture about the importance of InfoSec compliance, and encouraging open discourse about security concerns (Bartsch, 2011;Bulgurcu et al, 2010;Keramati and Mirian-Hosseinabadi, 2008;Weir et al, 2017). Not only is it important to have developers engaged in the secure development of software, but stakeholders and customers should also be involved (Bartsch, 2011).…”

Section: Strategies and Relationshipsmentioning

confidence: 99%

Information Security in Agile Software Development Projects: A Critical Success Factor Perspective

Newton¹,

Anslow

Drechsler

2020

Preprint

View full text Add to dashboard Cite

© 27th European Conference on Information Systems - Information Systems for a Sharing Society, ECIS 2019. All rights reserved. The importance of information security in software development projects is long recognised, with many comprehensive standards and procedures in use to provide assurance of information security. The agile development paradigm conflicts with traditional security assurance by emphasising the delivery of functional requirements and a reduction in structured and linear development styles. Through a series of thirteen qualitative interviews, this study identifies practices that address this problem which have been successfully adopted by agile practitioners. The findings present four categories of practices - organisational, team, project, and technical - and twelve critical success factors that should be explicitly considered by practitioners to assure agile security. The critical success factors provide a foundation for practitioners to strategically identify and develop best practices to embed information security in agile development projects. The identified categories also highlight the importance of agile security practices centring around individuals and culture and contributes to the literature by providing a representation of agile security practices that encompasses a broad range of focal areas.

show abstract

I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security

Cited by 12 publications

References 28 publications

An Anatomy of Security Conversations in Stack Overflow

An Anatomy of Security Conversations in Stack Overflow

Games and Learning Alliance

Information Security in Agile Software Development Projects: A Critical Success Factor Perspective

Contact Info

Product

Resources

About