Weir, Charles and Migues, Sammy and Williams, Laurie (2022) Exploring the Shift in Security Responsibility. IEEE Security and Privacy Magazine, 20 (6). pp. 8-17. ISSN 1540-7993
Exploring_the_Shift.pdf - Accepted Version
Available under License Creative Commons Attribution.
Abstract
As software security becomes vital, how are organizations adapting to the challenge? This article explores a 12-year survey, structured using the Building Security in Maturity Model (BSIMM) framework, of software security activity adoption by the software security group in 211 large companies. The results indicate a gradual increase in the mean number of activities adopted by the companies surveyed, beginning in 2015. The top 11 most commonly used activities are used by more than 61% of the companies, and also tend to be used together. Overall, the results indicate a shift in security experts’ responsibilities away from supporting development teams towards supporting the wider organization, and a validation of the value of security champions embedded in the development organization.