Why Do Programmers Do What They Do? A Theory of Influences on Security Practices

Lavanya Sajwan, James Noble, Craig Anslow (Victoria University of Wellington), Robert Biddle (Carleton University)

Technologies are continually adapting to match ever-changing trends. As this occurs, new vulnerabilities are exploited by malicious attackers and can cause significant economic damage to companies. Programmers must continually expand their knowledge and skills to protect software. Programmers make mistakes, and this is why we must interpret how they implement and adopt security practices. This paper reports on a study to understand programmer adoption of security practices. We identified a theory of inter-related influences involving programmer culture, organizational factors, and industry trends. Understanding these decisions can help inform organizational culture and education to improve software security.

Paper

View More Papers

Demo #4: Attacking Tesla Model X’s Autopilot Using Compromised...

Ben Nassi (Ben-Gurion University of the Negev), Yisroel Mirsky (Ben-Gurion University of the Negev, Georgia Tech), Dudi Nassi, Raz Ben Netanel (Ben-Gurion University of the Negev), Oleg Drokin (Independent Researcher), and Yuval Elovici (Ben-Gurion University of the Negev) Best Demo Award Winner ($300 cash prize)!

EyeSeeIdentity: Exploring Natural Gaze Behaviour for Implicit User Identification...

L Yasmeen Abdrabou (Lancaster University), Mariam Hassib (Fortiss Research Institute of the Free State of Bavaria), Shuqin Hu (LMU Munich), Ken Pfeuffer (Aarhus University), Mohamed Khamis (University of Glasgow), Andreas Bulling (University of Stuttgart), Florian Alt (University of the Bundeswehr Munich)

Detecting DolphinAttacks Based on Microphone Array

Guoming Zhang, Xiaoyu Ji (Zhejiang University)

Is Your Firmware Real or Re-Hosted? A case study...

Abraham A. Clements, Logan Carpenter, William A. Moeglein (Sandia National Laboratories), Christopher Wright (Purdue University)