Why Do Programmers Do What They Do? A Theory of Influences on Security Practices

Lavanya Sajwan, James Noble, Craig Anslow (Victoria University of Wellington), Robert Biddle (Carleton University)

Technologies are continually adapting to match ever-changing trends. As this occurs, new vulnerabilities are exploited by malicious attackers and can cause significant economic damage to companies. Programmers must continually expand their knowledge and skills to protect software. Programmers make mistakes, and this is why we must interpret how they implement and adopt security practices. This paper reports on a study to understand programmer adoption of security practices. We identified a theory of inter-related influences involving programmer culture, organizational factors, and industry trends. Understanding these decisions can help inform organizational culture and education to improve software security.

Paper

View More Papers

A Study on Security and Privacy Practices in Danish...

Asmita Dalela (IT University of Copenhagen), Saverio Giallorenzo (Department of Computer Science and Engineering - University of Bologna), Oksana Kulyk (ITU Copenhagen), Jacopo Mauro (University of Southern Denmark), Elda Paja (IT University of Copenhagen)

FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data

Junjie Liang (The Pennsylvania State University), Wenbo Guo (The Pennsylvania State University), Tongbo Luo (Robinhood), Vasant Honavar (The Pennsylvania State University), Gang Wang (University of Illinois at Urbana-Champaign), Xinyu Xing (The Pennsylvania State University)

Shadow Attacks: Hiding and Replacing Content in Signed PDFs

Christian Mainka (Ruhr University Bochum), Vladislav Mladenov (Ruhr University Bochum), Simon Rohlmann (Ruhr University Bochum)

Understanding the Growth and Security Considerations of ECS

Athanasios Kountouras (Georgia Institute of Technology), Panagiotis Kintis (Georgia Institute of Technology), Athanasios Avgetidis (Georgia Institute of Technology), Thomas Papastergiou (Georgia Institute of Technology), Charles Lever (Georgia Institute of Technology), Michalis Polychronakis (Stony Brook University), Manos Antonakakis (Georgia Institute of Technology)