DASP: A Framework for Driving the Adoption of Software Security Practices

05/24/2022
by Enrique Larios-Vargas, et al.

Implementing software security practices is a critical concern in modern software development. Industry practitioners, security tool providers, and researchers have provided standard security guidelines and sophisticated security development tools to ensure a secure software development pipeline. But despite these efforts, there continues to be an increase in the number of vulnerabilities that can be exploited by malicious hackers. There is thus an urgent need to understand why developers still introduce security vulnerabilities into their applications and to understand what can be done to motivate them to write more secure code. To understand and address this problem further, we propose DASP, a framework for diagnosing and driving the adoption of software security practices among developers. DASP was conceived by combining behavioral science theories to shape a cross-sectional interview study with 28 software practitioners. Our interviews led to a framework that consists of a comprehensive set of 33 drivers grouped into 7 higher-level categories that represent what needs to happen or change so that the adoption of software security practices occurs. Using the DASP framework, organizations can design interventions suitable for developers' specific development contexts that will motivate them to write more secure code.
