The Human Dimension of Software Security and Factors Affecting Security Processes
- Abstract
Usable security for software developers is a research direction that is in its early stages. Even though developers typically have technical expertise, they are not necessarily security experts and need support when dealing with security. This thesis focuses on the human aspect of software security within the overall development process. The research employs mixed methods, including Cognitive Walkthrough studies, interviews, and an online survey study. We started by studying usability issues in code analysis tools, and designed a visual analysis environment to support collaboration between team members and exploration during security analysis of source code. However, while working on this project, we recognized that the software security problem is a larger one, relating to the overall process of integrating security in the Software Development Lifecycle. Thus, through 13 interviews and an online survey with 123 software developers, we explored real-life software security practices, how developers acquire security knowledge, and the motivators and deterrents to software security. Based on our empirical studies, we identified recommendations that can help support developers in handling security throughout the Software Development Lifecycle. Our qualitative and quantitative analyses showed varying approaches to software security, and clear discrepancies between existing and best practices. Through exploring developers' motivations towards software security, we identified both extrinsic and intrinsic motivations. We found that acting towards software security volitionally and for reasons extending beyond mandates can lead to better security processes and better developer engagement in these processes.
Particularly, our studies showed that when the different entities involved in the Software Development Lifecycle communicate and collaborate, and when security is perceived as a common and shared responsibility, this can positively influence software security, e.g., by promoting internal motivations which are associated with improved engagement and cognitive abilities. Towards promoting the internalization of software security, we proposed a human-oriented model to describe how external software security motivations can be internalized. Our model highlights the interplay between security knowledge, team collaboration, and internal motivations to security.
- Rights Notes
Copyright © 2018 the author(s). Theses may be used for non-commercial research, educational, or related academic purposes only. Such uses include personal study, research, scholarship, and teaching. Theses may only be shared by linking to Carleton University Institutional Repository and no part may be used without proper attribution to the author. No part may be used for commercial purposes directly or indirectly via a for-profit platform; no adaptation or derivative works are permitted without consent from the copyright owner.
- Date Created: 2018
- Items

Title | Date Uploaded | Visibility
---|---|---
assal-thehumandimensionofsoftwaresecurityandfactors.pdf | 2023-05-05 | Public