Exploring the Shift in Security Responsibility

Weir, Charles and Migues, Sammy and Williams, Laurie (2022) Exploring the Shift in Security Responsibility. IEEE Security and Privacy Magazine, 20 (6). pp. 8-17. ISSN 1540-7993

Text (Exploring the Shift in Security Responsibility)
Exploring_the_Shift.pdf - Accepted Version
Available under License Creative Commons Attribution.


As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly-used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts’ responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.

Item Type:
Journal Article
Journal or Publication Title:
IEEE Security and Privacy Magazine
Additional Information:
©2022 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Uncontrolled Keywords:
software security, bsimm, satellite, cybersecurity, software developers, longitudinal surveys, computer networks and communications, law, electrical and electronic engineering
ID Code:
Deposited By:
Deposited On:
07 Feb 2022 14:45
Last Modified:
16 Apr 2024 01:24