Security Responses in Software Development

López, Tamara González; Sharp, Helen; Tun, Thein Than; Bandara, Arosha K.; Levine, Mark; Nuseibeh, Bashar

doi:10.1145/3563211

Cited by 10 publications

(12 citation statements)

References 58 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software security is often made up of smaller, independent decisions, each with their own framing and outcome value. Typically, software engineers perceive security as a barrier (Lopez et al, 2022), or lower priority than functionality . Whilst this invokes a negative framing -producing risk aversion -maybe this does not directly translate into their mental model of the software.…”

Section: Risk Aversionmentioning

confidence: 99%

Recognizing the known unknowns; the interaction between reflective thinking and optimism for uncertainty among software developer’s security perceptions

Ivory¹,

Towse²,

Sturdee³

et al. 2023

Preprint

View full text Add to dashboard Cite

Software development is a complex process requiring aspects of social, cognitive, and technical skills. Software engineers face high levels of uncertainty and risk during functional and security decision making. This preregistered study investigates behavioural measures of cognitive reflection, risk aversion, and optimism bias among professional freelance software developers and computer science students, to expose relationships between uncertainty-associated language and risk sensitivity. We employ content analysis with a mixed-effect model to understand how psychological dimensions influence risk sensitivity in secure software development. We show an interaction between cognitive reflection and optimism bias in the proportion of uncertainty-related language used. Overly optimistic outlooks combined with higher cognitive reflection drives up expressions of uncertainty, while pessimistic or realistic individuals reduce uncertainty as cognitive reflection increases. Software engineers who hold average or pessimistic views on the security of their code are more likely to speak more intuitively about security and risk. We discuss the potential for psychological interventions to promote more secure coding behaviours in software engineers. By increasing potential risk awareness, they may consider risk in software more carefully, which may lead to better security implementation in their code.

show abstract

Section: Risk Aversionmentioning

confidence: 99%

Recognizing the known unknowns; the interaction between reflective thinking and optimism for uncertainty among software developer’s security perceptions

Ivory¹,

Towse²,

Sturdee³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…According to [136], secure software development practices should be followed during the development of WBAN devices and applications. This includes incorporating security considerations from the initial design phase, conducting security testing and code reviews, and ensuring timely software updates and patches to address vulnerabilities [137]- [138].…”

Section: Figure 4 Wban Security Mechanismsmentioning

confidence: 99%

Current security and privacy posture in wireless body area networks

Auko¹

2023

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

Wireless Body Area Networks (WBANs) have emerged as a promising technology for remote health monitoring and healthcare applications. However, ensuring the security and privacy of sensitive health data in WBANs is crucial to foster user trust and prevent unauthorized access or data breaches. This paper provides an overview of the key challenges, techniques, and research gaps in WBAN security and privacy. The findings indicate that the challenges in WBAN security and privacy include resource constraints, compatibility issues, privacy concerns, dynamic network environments, security and usability trade-offs, emerging threat landscape, and user awareness and education. To address these challenges, various security techniques have been developed, such as authentication and authorization mechanisms, encryption, access control, secure communication protocols, intrusion detection systems, and privacy-preserving data handling techniques. Despite the progress made, there are research gaps that require further investigation. These research gaps include the development of secure and lightweight authentication mechanisms, privacy-preserving data analysis techniques, trust and security management frameworks, resilience to insider threats, security of data aggregation and fusion, user-centric security designs, and addressing legal and ethical considerations. Addressing these research gaps and challenges requires collaboration between researchers, device manufacturers, policymakers, and end-users. Ongoing research and innovation are necessary to develop robust security techniques, privacy-enhancing technologies, and user-friendly solutions tailored for WBANs. Additionally, compliance with privacy regulations, user education, and awareness are critical for responsible and ethical use of WBANs.

show abstract

“…Software security is often made up of smaller, independent decisions, each with their own framing and outcome value. Typically, software engineers perceive security as a barrier (Lopez et al, 2022), or lower priority than functionality , but this may not translate well into mental models of software, meaning that security is poorly considered in terms of risk aversion. It could also be interpreted that risk aversion is unrelated to risk taking behavior as there are other factors that determine the behavior.…”

Section: Risk Aversionmentioning

confidence: 99%

Recognizing the known unknowns; the interaction between reflective thinking and optimism for uncertainty among software developer’s security perceptions.

Ivory,

Towse,

Sturdee

et al. 2023

Technology, Mind, and Behavior

View full text Add to dashboard Cite

Software development is a complex process requiring aspects of social, cognitive, and technical skills. Software engineers face high levels of uncertainty and risk during functional and security decision making. This preregistered study investigates behavioral measures of cognitive reflection, risk aversion, and optimism bias among professional freelance software developers and computer science students, to expose relationships between uncertainty-associated language and risk sensitivity. We employ content analysis with a mixed-effect model to understand how psychological dimensions influence risk sensitivity in secure software development.We show an interaction between cognitive reflection and optimism bias in the proportion of uncertainty-related language used. Overly optimistic outlooks combined with higher cognitive reflection drives up expressions of uncertainty, while pessimistic or realistic individuals reduce uncertainty as cognitive reflection increases. Software engineers who hold average or pessimistic views on the security of their code are more likely to speak more intuitively about security and risk. We discuss the potential of our findings in relation to understanding how to leverage language used by engineers as markers of risk aversion. Encouraging increased discourse could be used as a catalyst for increased cognitive reflection and grounding optimistic behaviors, leading to more careful decisions.

show abstract

Security Responses in Software Development

Cited by 10 publications

References 58 publications

Recognizing the known unknowns; the interaction between reflective thinking and optimism for uncertainty among software developer’s security perceptions

Recognizing the known unknowns; the interaction between reflective thinking and optimism for uncertainty among software developer’s security perceptions

Current security and privacy posture in wireless body area networks

Recognizing the known unknowns; the interaction between reflective thinking and optimism for uncertainty among software developer’s security perceptions.

Contact Info

Product

Resources

About