The Open UniversitySkip to content

Hopefully We Are Mostly Secure: Views on Secure Code in Professional Practice

Lopez, Tamara; Sharp, Helen; Tun, Thein; Bandara, Arosha; Levine, Mark and Nuseibeh, Bashar (2019). Hopefully We Are Mostly Secure: Views on Secure Code in Professional Practice. In: Proceedings of the 12th International Workshop on Cooperative and Human Aspects of Software Engineering pp. 61–68.

Full text available as:
PDF (Accepted Manuscript) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (545kB) | Preview
DOI (Digital Object Identifier) Link:
Google Scholar: Look up in Google Scholar


Security of software systems is of general concern, yet breaches caused by common vulnerabilities still occur. Software developers are routinely called upon to ”do more” to address this situation. However there has been little focus on the developers’ point of view, and understanding how security features in their day-to-day activities. This paper reports preliminary findings of semi-structured interviews taken during an ethnographic study of professional software developers in one organization who are not security experts. The overall study aims to understand how security features in day-to-day practice, while analysis of the interview data asks whether developers are responsible for security. The study reveals that awareness around security matters is raised through several paths including processes, standards, practices and company training and that a focus on security is driven by contextual factors. Security is taken care of with policies and through safeguards, and is handled differently depending on whether a team is developing new features, and hence ”looking forward”, or working with existing code and hence ”looking back”. Developers take and share responsibility for security in the code, but suggest that their responsibility has limits, and relies on collective practice.

Item Type: Conference or Workshop Item
Copyright Holders: 2019 IEEE
Project Funding Details:
Funded Project NameProject IDFunding Body
Motivating Jenny to write secure code: community and culture of codingNot SetNCSC National Cyber Security Centre
Keywords: secure software development; collaborative environments; empirical studies
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Research Group: Centre for Research in Computing (CRC)
Software Engineering and Design (SEAD)
Item ID: 59843
Depositing User: Tamara Lopez
Date Deposited: 17 Apr 2019 13:32
Last Modified: 09 Oct 2019 15:33
Share this page:


Altmetrics from Altmetric

Citations from Dimensions

Download history for this item

These details should be considered as only a guide to the number of downloads performed manually. Algorithmic methods have been applied in an attempt to remove automated downloads from the displayed statistics but no guarantee can be made as to the accuracy of the figures.

Actions (login may be required)

Policies | Disclaimer

© The Open University   contact the OU