The Human Dimension of Software Security and Factors Affecting Security Processes

Assal, Hala

doi:10.22215/etd/2018-13347

Cited by 10 publications

(14 citation statements)

References 87 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The outcome is the reduction in the risk of overlooking critical security requirements or introducing security flaws throughout the implementation process. To build and deploy a secure software system, there is need for the integration of security features into the life cycle of application development and align current SSE methods [186], [187]. However, most organizations view security as a post-development process, and hence security is not considered during the pre-development phase.…”

Section: Approaches To Software Quality and Securitymentioning

confidence: 99%

An investigation into software quality and security: Past research works and existing gaps

Korir¹

2023

Global J. Eng. Technol. Adv.

View full text Add to dashboard Cite

Software security is concerned with the protection of data, facilities and applications from harm that may be occasioned by malware attacks such as password sniffing, viruses and hijacking. It is a system-wide concept that takes into account both security mechanisms such as access control as well as the design for security, such as a robust design that renders software attack complicated. It may encompass building of secure software, which comprises of the designing of software to be attack-resistant, ensuring that software is error-free, and educating software developers, architects, and users about the building of secure artifacts. In this regard, insecure software negatively affects organization’s reputations with customers, partners, and investors. The goal of this paper is to investigate some of the issues that make the software insecure, as well as the approaches that have been developed to boost software quality and security. The outcomes indicate that various models, techniques, frameworks and approaches to software quality have been developed over the recent past. However, only a few of them give reliable evidence for creating secure software applications.

show abstract

Section: Approaches To Software Quality and Securitymentioning

confidence: 99%

An investigation into software quality and security: Past research works and existing gaps

Korir¹

2023

Global J. Eng. Technol. Adv.

View full text Add to dashboard Cite

show abstract

“…On the other hand, a strong correlation has been found in [34] between the financial records of the software development enterprises (such as sales and financial performance) and the number of vulnerabilities that their products may contain. As discussed in [35], organizations' security efforts are less effective when developers perceive a disinterest in adopting software security practices. This usually occurs when there are no perceived negative consequences to the customers or the business from the lack of security in the SDLC.…”

Section: Sources Of Software Quality and Security Issuesmentioning

confidence: 99%

“…Several studies have pointed out the need to investigate the behavioral aspects of security adoption. In particular, developers' motivations and attitudes towards security [49], [50], [58], [35] is a hot topic. However, despite the availability of these many resources, developers continue to introduce security vulnerabilities in source code, and organizations lack proper guidelines for designing strategies to mitigate poor security.…”

Section: Sources Of Software Quality and Security Issuesmentioning

confidence: 99%

“…[50], [58], [35] Pointed out the need to investigate the behavioral aspects of security adoption, in particular, developers' motivations and attitudes towards security. [59] Found that despite receiving a tailored security checklist as a reminder during code reviews, developers are unable to find more vulnerabilities than when are just instructed to focus on security issues.…”

Section: Author (S)mentioning

confidence: 99%

See 1 more Smart Citation

Security risks in the software development lifecycle: A review

Odera¹,

Otieno²,

Ounza³

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

Software security is one of the most critical concerns in modern software development, especially in safety-critical systems whose failure can lead to environmental damage, substantial property, or loss of human lives. In addition, flawed applications have been shown to exhibit unpredictable behavior while software products with numerous vulnerabilities present attack vectors that can be exploited by attackers. To address some of these problems, vulnerability prediction has been deployed for early detection of security risks in the software development lifecycle (SDLC). This can potentially facilitate decision making during the SDLC, resulting in the production of more secure software. Prioritizing security during SDLC permits developers and stakeholders to identify and resolve possible security concerns early on in the process. The aim of this paper is therefore to offer some in-depth review of software systems security issues. In addition, the various measures that have been put in place to mitigate security issues during SDLC are discussed.

show abstract

“…However, cybersecurity is often not seen as an 'essential design principle' (Schwartz et al, 2018), and research suggests that cybersecurity awareness across the design process is inconsistent (Kim et al, 2018). Efforts to incorporate cybersecurity in the design process have focused on software (Assal, 2018;Lukowiak et al, 2014), but less attention has been paid to early-stage conceptual design, and specifically, human-centered design (HCD). HCD, often described with phases of Research, Analyze, Ideate, Build, and Communicate (Roschuni et al, 2011), intends to help designers tackle complex problems, including cybersecurity.…”

Section: Introductionmentioning

confidence: 99%

Supporting Human-Centered Design in Psychologically Distant Problem Domains: The Design for Cybersecurity Cards

et al. 2021

View full text Add to dashboard Cite

Increasingly digital products and services make cybersecurity a crucial issue for designers. However, human-centered designers struggle to consider it in their work, partially a consequence of the high psychological distance between designers and cybersecurity. In this work, we build on the Design for Cybersecurity (DfC) Cards, an intervention to help designers consider cybersecurity, and examine a project-based design course to understand how and why specific DfC cards were used. Three findings result. First, designers found the intervention useful across all design phases and activities. Second, the cards helped design teams refocus their attention on the problem domain and project outcome. Third, we identify a need for support in framing and converging during user research, opportunity identification, and prototyping. We argue that the psychological distance between designers and the problem space of cybersecurity partially explains these findings, and ultimately exacerbates existing challenges in the design process. These findings suggest that design interventions must consider the psychological distance between designer and problem space, and have application in design practice across many complex problem domains.

show abstract

The Human Dimension of Software Security and Factors Affecting Security Processes

Cited by 10 publications

References 87 publications

An investigation into software quality and security: Past research works and existing gaps

An investigation into software quality and security: Past research works and existing gaps

Security risks in the software development lifecycle: A review

Supporting Human-Centered Design in Psychologically Distant Problem Domains: The Design for Cybersecurity Cards

Contact Info

Product

Resources

About