DOI: 10.1145/3290605.3300519

'Think secure from the beginning': A Survey with Software Developers

Published: 02 May 2019

Abstract

Vulnerabilities persist despite existing software security initiatives and best practices. This paper focuses on the human factors of software security, including human behaviour and motivation. We conducted an online survey to explore the interplay between developers and software security processes, e.g., we looked into how developers influence and are influenced by these processes. Our data included responses from 123 software developers currently employed in North America who work on various types of software applications. Whereas developers are often held responsible for security vulnerabilities, our analysis shows that the real issues frequently stem from a lack of organizational or process support to handle security throughout development tasks. Our participants are self-motivated towards software security, and the majority did not dismiss it but identified obstacles to achieving secure code. Our work highlights the need to look beyond the individual, and take a holistic approach to investigate organizational issues influencing software security.

Supplementary Material

ZIP File (paper289.zip)
The supplementary material is a single PDF file of the full survey discussed in the paper.


Cited By

  • (2024) "I'm Getting Information that I Can Act on Now": Exploring the Level of Actionable Information in Tool-generated Threat Reports. Proceedings of the 2024 European Symposium on Usable Security, 172-186. DOI: 10.1145/3688459.3688467. Online publication date: 30 Sep 2024.
  • (2024) Towards Security-Focused Developer Personas. Proceedings of the 13th Nordic Conference on Human-Computer Interaction, 1-18. DOI: 10.1145/3679318.3685406. Online publication date: 13 Oct 2024.
  • (2024) Defying the Odds: Solana's Unexpected Resilience in Spite of the Security Challenges Faced by Developers. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, 4226-4240. DOI: 10.1145/3658644.3670333. Online publication date: 2 Dec 2024.
  • (2024) What Can Self-Admitted Technical Debt Tell Us About Security? A Mixed-Methods Study. Proceedings of the 21st International Conference on Mining Software Repositories, 704-715. DOI: 10.1145/3643991.3644909. Online publication date: 15 Apr 2024.
  • (2024) ChatGPT-Resistant Screening Instrument for Identifying Non-Programmers. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, 1-13. DOI: 10.1145/3597503.3639075. Online publication date: 20 May 2024.
  • (2024) Securing the Digital Frontier: A Proactive Approach to Software Development. 2024 IEEE International Conference on Electro Information Technology (eIT), 84-98. DOI: 10.1109/eIT60633.2024.10609918. Online publication date: 30 May 2024.
  • (2024) Poisoned ChatGPT Finds Work for Idle Hands: Exploring Developers' Coding Practices with Insecure Suggestions from Poisoned AI Models. 2024 IEEE Symposium on Security and Privacy (SP), 1141-1159. DOI: 10.1109/SP54263.2024.00046. Online publication date: 19 May 2024.
  • (2024) "False negative - that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing. 2024 IEEE Symposium on Security and Privacy (SP), 3979-3997. DOI: 10.1109/SP54263.2024.00019. Online publication date: 19 May 2024.
  • (2024) "You Received $100,000 From Johnny": A Mixed-Methods Study on Push Notification Security and Privacy in Android Apps. IEEE Access 12, 112499-112516. DOI: 10.1109/ACCESS.2024.3439095. Online publication date: 2024.
  • (2024) Development & psychometrics of the SOLID-S: An inventory assessing software security culture in software development companies. Computers and Security 140:C. DOI: 10.1016/j.cose.2024.103753. Online publication date: 1 May 2024.

      Published In

      CHI '19: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems
      May 2019
      9077 pages
      ISBN:9781450359702
      DOI:10.1145/3290605
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Badges

      • Best Paper

      Author Tags

      1. hci for development
      2. secure programming
      3. security
      4. survey

      Qualifiers

      • Research-article

      Conference

      CHI '19

      Acceptance Rates

      CHI '19 Paper Acceptance Rate 703 of 2,958 submissions, 24%;
      Overall Acceptance Rate 6,199 of 26,314 submissions, 24%
