The Experts below are selected from a list of 87195 Experts worldwide ranked by ideXlab platform
Charles Weir - One of the best experts on this subject based on the ideXlab platform.
-
The Secure Development Handbook
2018. Co-Authors: Charles Weir, Noel Ford. Abstract: This short book, based on extensive industry and academic research, presents the most cost-effective techniques for a software development team to improve their security and privacy. It incorporates a short Developer Essentials program that you can use to introduce the most effective techniques into your own teams with a minimum of cost and impact.
-
I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security
Proceedings 2nd European Workshop on Usable Security, 2017. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: The lack of good secure development practice for app developers threatens everyone who uses mobile software. Current practice emphasizes checklists of processes and security errors to avoid, and has not proved effective in the application development domain. Based on analysis of interviews with relevant security experts, we suggest that secure app development requires 'dialectic': challenging dialog with a range of counterparties, continued throughout the development cycle. By further studying the different dialectic techniques possible in programmers' communications, we shall be able to empower app developers to produce the secure software that we need.
-
how to improve the security skills of mobile app developers an analysis of expert knowledge
2017. Co-Authors: Charles Weir. Abstract: Much of the world relies heavily on apps. Increasingly those apps handle sensitive information: controlling our financial transactions, enabling our personal communication and holding intimate details of our lives. So the security of those apps is becoming increasingly vital. Yet research shows that those apps contain frequent security and privacy problems; and that almost all of these issues could have been avoided had the developers had sufficient motivation, support and knowledge. This lack of developer knowledge and support is widely perceived as a major threat. We therefore investigated the skills, approach and motivation required for developers. We conducted a Constructivist Grounded Theory study, involving face-to-face interviews with a dozen experts whose cumulative experience totalled over 100 years of secure app development, to develop theory on secure development techniques. The study identified that the subdiscipline of app development security is still at an early stage, and found surprising discrepancies between current industry understanding and the experts’ recommendations. In particular it found that a secure development process tends not to appeal to app developers; and that the approach of identifying common types of security problems is too limited to give an effective security solution. Instead we identified a set of successful techniques we call ‘Dialectical Security’, where ‘dialectic’ means learning by questioning. These techniques use dialogue with a range of counterparties to achieve app security in an effective and economical way. The security increase comes from continued dialog, not passive learning. The novel contribution of our work is to provide: A grounded theory of secure app development that challenges conventional processes and checklists, and A shift in perspective from process to dialectic.
Only by working to develop the Dialectical Security skills of app developers shall we begin to see the kinds of secure apps we need to combat crime and privacy invasions.
-
how to improve the security skills of mobile app developers comparing and contrasting expert views
Symposium On Usable Privacy and Security, 2016. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: Programmers’ lack of knowledge and ability in secure development threatens everyone who uses mobile apps. There’s no consensus on how to empower app programmers to get that knowledge. Based on interviews with twelve industry experts we argue that the discipline of secure app development is still at an early stage. Only once industry and academia have produced effective app developer motivation and training approaches shall we begin to see the kinds of secure apps we need to combat crime and privacy invasions.
-
WSIW@SOUPS - How to Improve the Security Skills of Mobile App Developers? Comparing and Contrasting Expert Views
2016. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: Programmers’ lack of knowledge and ability in secure development threatens everyone who uses mobile apps. There’s no consensus on how to empower app programmers to get that knowledge. Based on interviews with twelve industry experts we argue that the discipline of secure app development is still at an early stage. Only once industry and academia have produced effective app developer motivation and training approaches shall we begin to see the kinds of secure apps we need to combat crime and privacy invasions.
James Noble - One of the best experts on this subject based on the ideXlab platform.
-
I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security
Proceedings 2nd European Workshop on Usable Security, 2017. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: The lack of good secure development practice for app developers threatens everyone who uses mobile software. Current practice emphasizes checklists of processes and security errors to avoid, and has not proved effective in the application development domain. Based on analysis of interviews with relevant security experts, we suggest that secure app development requires 'dialectic': challenging dialog with a range of counterparties, continued throughout the development cycle. By further studying the different dialectic techniques possible in programmers' communications, we shall be able to empower app developers to produce the secure software that we need.
-
how to improve the security skills of mobile app developers comparing and contrasting expert views
Symposium On Usable Privacy and Security, 2016. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: Programmers’ lack of knowledge and ability in secure development threatens everyone who uses mobile apps. There’s no consensus on how to empower app programmers to get that knowledge. Based on interviews with twelve industry experts we argue that the discipline of secure app development is still at an early stage. Only once industry and academia have produced effective app developer motivation and training approaches shall we begin to see the kinds of secure apps we need to combat crime and privacy invasions.
-
WSIW@SOUPS - How to Improve the Security Skills of Mobile App Developers? Comparing and Contrasting Expert Views
2016. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: Programmers’ lack of knowledge and ability in secure development threatens everyone who uses mobile apps. There’s no consensus on how to empower app programmers to get that knowledge. Based on interviews with twelve industry experts we argue that the discipline of secure app development is still at an early stage. Only once industry and academia have produced effective app developer motivation and training approaches shall we begin to see the kinds of secure apps we need to combat crime and privacy invasions.
-
SIGSOFT FSE - Reaching the masses: a new subdiscipline of app programmer education
Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2016. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: Programmers’ lack of knowledge and interest in secure development threatens everyone who uses mobile apps. The rise of apps has engaged millions of independent app developers, who rarely encounter any but low level security techniques. But what if software security were presented as a game, or a story, or a discussion? What if learning app security techniques could be fun as well as empowering? Only by introducing the powerful motivating techniques developed for other disciplines can we hope to upskill independent app developers, and achieve the security that we’ll need in 2025 to safeguard our identities and our data.
Jim Witschey - One of the best experts on this subject based on the ideXlab platform.
-
CSCW - Social influences on Secure Development tool adoption: why security tools spread
Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing, 2014. Co-Authors: Shundan Xiao, Jim Witschey, Emerson Murphy-Hill. Abstract: Security tools can help developers build more secure software systems by helping developers detect or fix security vulnerabilities in source code. However, developers do not always use these tools. In this paper, we investigate a number of social factors that impact developers' adoption decisions, based on a multidisciplinary field of research called diffusion of innovations. We conducted 42 one-on-one interviews with professional software developers, and our results suggest a number of ways in which security tool adoption depends on developers' social environments and on the channels through which information about tools is communicated. For example, some participants trusted developers with strong reputations on the Internet as much as they trust their colleagues for information about security tools.
-
social influences on Secure Development tool adoption why security tools spread
Conference on Computer Supported Cooperative Work, 2014. Co-Authors: Shundan Xiao, Jim Witschey, Emerson Murphy-Hill. Abstract: Security tools can help developers build more secure software systems by helping developers detect or fix security vulnerabilities in source code. However, developers do not always use these tools. In this paper, we investigate a number of social factors that impact developers' adoption decisions, based on a multidisciplinary field of research called diffusion of innovations. We conducted 42 one-on-one interviews with professional software developers, and our results suggest a number of ways in which security tool adoption depends on developers' social environments and on the channels through which information about tools is communicated. For example, some participants trusted developers with strong reputations on the Internet as much as they trust their colleagues for information about security tools.
-
SPLASH (Companion Volume) - Secure Development tool adoption in open-source
Proceedings of the 2013 companion publication for conference on Systems programming & applications: software for humanity - SPLASH '13, 2013. Co-Authors: Jim Witschey. Abstract: Although the use of secure software development tools can help developers build more secure software, many developers do not use these tools. In previous work, a colleague conducted interviews with professional developers to develop a qualitative model of factors that influence developers' decisions to use or not use security tools. In the work described in this abstract, I conducted interviews with open-source software developers to evaluate how our findings generalize outside of corporate software development populations. With the data from these interviews, I aim to gain insight into open-source software developers' behavior and values. I aim to refine, expand, and generalize our security tool adoption model so it may be used to foster wider adoption of security tools.
Awais Rashid - One of the best experts on this subject based on the ideXlab platform.
-
I'd Like to Have an Argument, Please: Using Dialectic for Effective App Security
Proceedings 2nd European Workshop on Usable Security, 2017. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: The lack of good secure development practice for app developers threatens everyone who uses mobile software. Current practice emphasizes checklists of processes and security errors to avoid, and has not proved effective in the application development domain. Based on analysis of interviews with relevant security experts, we suggest that secure app development requires 'dialectic': challenging dialog with a range of counterparties, continued throughout the development cycle. By further studying the different dialectic techniques possible in programmers' communications, we shall be able to empower app developers to produce the secure software that we need.
-
how to improve the security skills of mobile app developers comparing and contrasting expert views
Symposium On Usable Privacy and Security, 2016. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: Programmers’ lack of knowledge and ability in secure development threatens everyone who uses mobile apps. There’s no consensus on how to empower app programmers to get that knowledge. Based on interviews with twelve industry experts we argue that the discipline of secure app development is still at an early stage. Only once industry and academia have produced effective app developer motivation and training approaches shall we begin to see the kinds of secure apps we need to combat crime and privacy invasions.
-
WSIW@SOUPS - How to Improve the Security Skills of Mobile App Developers? Comparing and Contrasting Expert Views
2016. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: Programmers’ lack of knowledge and ability in secure development threatens everyone who uses mobile apps. There’s no consensus on how to empower app programmers to get that knowledge. Based on interviews with twelve industry experts we argue that the discipline of secure app development is still at an early stage. Only once industry and academia have produced effective app developer motivation and training approaches shall we begin to see the kinds of secure apps we need to combat crime and privacy invasions.
-
SIGSOFT FSE - Reaching the masses: a new subdiscipline of app programmer education
Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 2016. Co-Authors: Charles Weir, Awais Rashid, James Noble. Abstract: Programmers’ lack of knowledge and interest in secure development threatens everyone who uses mobile apps. The rise of apps has engaged millions of independent app developers, who rarely encounter any but low level security techniques. But what if software security were presented as a game, or a story, or a discussion? What if learning app security techniques could be fun as well as empowering? Only by introducing the powerful motivating techniques developed for other disciplines can we hope to upskill independent app developers, and achieve the security that we’ll need in 2025 to safeguard our identities and our data.
Lynn Futcher - One of the best experts on this subject based on the ideXlab platform.
-
The Use of Software Design Patterns to Teach Secure Software Design: An Integrated Approach
2015. Co-Authors: Johan Niekerk, Lynn Futcher. Abstract: During software development, security is often dealt with as an add-on. This means that security considerations are not necessarily seen as an integral part of the overall solution and might even be left out of a design. For many security problems, the approach towards secure development has recurring elements. Software design patterns are often used to address a commonly occurring problem through a “generic” approach towards this problem. The design pattern provides a conceptual model of a best-practices solution, which in turn is used by developers to create a concrete implementation for their specific problem. Most software design patterns do not include security best-practices as part of the generic solution towards the commonly occurring problem. This paper proposes an extension to the widely used MVC pattern that includes current security principles in order to teach secure software design in an integrated fashion.
-
World Conference on Information Security Education - The Use of Software Design Patterns to Teach Secure Software Design: An Integrated Approach
Information Security Education Across the Curriculum, 2015. Co-Authors: Johan Van Niekerk, Lynn Futcher. Abstract: During software development, security is often dealt with as an add-on. This means that security considerations are not necessarily seen as an integral part of the overall solution and might even be left out of a design. For many security problems, the approach towards secure development has recurring elements. Software design patterns are often used to address a commonly occurring problem through a “generic” approach towards this problem. The design pattern provides a conceptual model of a best-practices solution, which in turn is used by developers to create a concrete implementation for their specific problem. Most software design patterns do not include security best-practices as part of the generic solution towards the commonly occurring problem. This paper proposes an extension to the widely used MVC pattern that includes current security principles in order to teach secure software design in an integrated fashion.