From Needs to Actions to Secure Apps?:The Effect of Requirements and Developer Practices on App Security

Weir, Charles and Hermann, Ben and Fahl, Sascha (2020) From Needs to Actions to Secure Apps?:The Effect of Requirements and Developer Practices on App Security. In: USENIX Security '20 Proceedings. USENIX Association, USA. (In Press)

[img]
Text (Paper: From Needs to Actions to Secure Apps)
SurveyPaper.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial-NoDerivs.

Download (1MB)

Abstract

Increasingly mobile device users are being hurt by security or privacy issues with the apps they use. App developers can help prevent this; inexpensive security assurance techniques to do so are now well established, but do developers use them? And if they do so, is that reflected in more secure apps? From a survey of 335 successful app developers, we conclude that less than a quarter of such professionals have access to security experts; that less than a third use assurance techniques regularly; and that few have made more than cosmetic changes as a result of the European GDPR legislation. Reassuringly, we found that app developers tend to use more assurance techniques and make more frequent security updates when (1) they see more need for security, and (2) there is security expert or champion involvement.

Item Type:
Contribution in Book/Report/Proceedings
Subjects:
ID Code:
142148
Deposited By:
Deposited On:
10 Mar 2020 09:30
Refereed?:
Yes
Published?:
In Press
Last Modified:
02 Jul 2020 06:36