Analysis of Strategies for the Integration of Security Practices in Agile Software Development: A Sustainable SME Approach
Y Valdés-Rodríguez, J Hochstetter-Diez… - IEEE …, 2024 - ieeexplore.ieee.org
Incorporating security into software development in small and medium-sized enterprises
(SMEs) is an increasingly relevant challenge and a crucial necessity, especially in an …
Is Modeling Access Control Worth It?
Implementing access control policies is an error-prone task that can have severe
consequences for the security of software applications. Model-driven approaches have been …
"There are rabbit holes I want to go down that I'm not allowed to go down": An Investigation of Security Expert Threat Modeling Practices for Medical Devices
RE Thompson, M McLaughlin, C Powers… - 33rd USENIX Security …, 2024 - usenix.org
Threat modeling is considered an essential first step for "secure by design" development.
Significant prior work and industry efforts have created novel methods for this type of threat …
Comparing Malware Evasion Theory with Practice: Results from Interviews with Expert Analysts
Malware analysis is the process of identifying whether certain software is malicious and
determining its capabilities. Unfortunately, malware authors have developed increasingly …
Write, Read, or Fix? Exploring Alternative Methods for Secure Development Studies
When studying how software developers perform security tasks, researchers often ask
participants to write code. These studies can be challenging because programming can be …
A Survey of Cybersecurity Professionals' Perceptions and Experiences of Safety and Belonging in the Community
S Katcher, L Wang, C Yang, C Messdaghi… - … Symposium on Usable …, 2024 - usenix.org
The cybersecurity workforce lacks diversity; the field is predominately men and White or
Asian, with only 10% identifying as women, Latine, or Black. Previous studies identified …
Unhelpful assumptions in software security research
In the study of software security many factors must be considered. Once venturing beyond
the simplest of laboratory experiments, the researcher is obliged to contend with …
NERDS: A Non-invasive Environment for Remote Developer Studies
J Lewis, KR Fulton - Proceedings of the 17th Cyber Security …, 2024 - dl.acm.org
Given the difficulties of secure development, studying software developers remains pivotal.
However, conducting these studies remains a pain point for the security community as …
SoK: Why developers failed to build software securely?
X Xu - 2024 - researchspace.auckland.ac.nz
This thesis investigates the persistent challenges leading to the failure of developers in
constructing secure software systems. Employing a systematic literature review, the research …
A Dichotomy of Demonstrated vs. Perceived Knowledge in Computer Security
M Jensen - Proceedings of the 18th International Conference of …, 2024 - repository.isls.org
One approach to teaching computer security in undergraduate computer science (CS)
programs is to enforce and distribute it across the curriculum. Topics accessible at even the …