Talking About Security with Professional Developers

Lopez, Tamara and Sharp, Helen and Tun, Thein and Bandara, Arosha and Levine, Mark and Nuseibeh, Bashar (2019) Talking About Security with Professional Developers. In: Proceedings - 2019 IEEE/ACM Joint 7th International Workshop on Conducting Empirical Studies in Industry and 6th International Workshop on Software Engineering Research and Industrial Practice, CESSER-IP 2019 :. Proceedings - 2019 IEEE/ACM Joint 7th International Workshop on Conducting Empirical Studies in Industry and 6th International Workshop on Software Engineering Research and Industrial Practice, CESSER-IP 2019 . Institute of Electrical and Electronics Engineers Inc., CAN, pp. 34-40. ISBN 9781728122656

Text (PID5831073-CRC)
PID5831073_CRC.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Download (1MB)

Abstract

This paper describes materials developed to engage professional developers in discussions about security. First, the work is framed in the context of ethnographic studies of software development, highlighting how the method is used to explore and investigate research aims for the Motivating Jenny research project. A description is given of a series of practitioner engagements, that were used to develop a reflection and discussion tool using security stories taken from media and internet sources. An explanation is given for how the tool has been used to collect data within field sites, offering a way to clarify and member check findings, and to provide a different view on practice and process. The report concludes with observations and notes about future aims for supporting and encouraging professionals to engage with security in practice.