Copy the page URI to the clipboard
Lopez, Tamara; Sharp, Helen; Bandara, Arosha; Thein, Tun; Levine, Mark and Nuseibeh, Bashar
(2023).
DOI: https://doi.org/10.1145/3563211
Abstract
The pressure on software developers to produce secure software has never been greater. But what does security look like in environments that don’t produce security-critical software? In answer to this question, this multi-sited ethnographic study characterises security episodes and identifies five typical behaviors in software development. Using theory drawn from information security and motivation research in software engineering, this paper characterizes key ways in which individual developers form security responses to meet the demands of particular circumstances, providing a framework managers and teams can use to recognize, understand and alter security activity in their environments.