Why Do Programmers Do What They Do? A Theory of Influences on Security Practices

Lavanya Sajwan, James Noble, Craig Anslow (Victoria University of Wellington), Robert Biddle (Carleton University)

Technologies are continually adapting to match ever-changing trends. As this occurs, new vulnerabilities are exploited by malicious attackers and can cause significant economic damage to companies. Programmers must continually expand their knowledge and skills to protect software. Programmers make mistakes, and this is why we must interpret how they implement and adopt security practices. This paper reports on a study to understand programmer adoption of security practices. We identified a theory of inter-related influences involving programmer culture, organizational factors, and industry trends. Understanding these decisions can help inform organizational culture and education to improve software security.

Paper

View More Papers

My Past Dictates my Present: Relevance, Exposure, and Influence...

Shujaat Mirza, Christina Pöpper (New York University)

A Study on Security and Privacy Practices in Danish...

Asmita Dalela (IT University of Copenhagen), Saverio Giallorenzo (Department of Computer Science and Engineering - University of Bologna), Oksana Kulyk (ITU Copenhagen), Jacopo Mauro (University of Southern Denmark), Elda Paja (IT University of Copenhagen)

From Paranoia to Compliance: The Bumpy Road of System...

Niklas Busch (CISPA Helmholtz Center for Information Security, Germany), Philip Klostermeyer (CISPA Helmholtz Center for Information Security, Germany), Jan H. Klemmer (CISPA Helmholtz Center for Information Security, Germany), Yasemin Acar (Paderborn University, Germany), Sascha Fahl (CISPA Helmholtz Center for Information Security, Germany)

Empirical Scanning Analysis of Censys and Shodan

Christopher Bennett, AbdelRahman Abdou, and Paul C. van Oorschot (School of Computer Science, Carleton University, Canada)