Analyzing the Use of Public and In-house Secure Development Guidelines in U.S. and Japanese Industries

Abstract

Secure development guidelines contribute to improving software security from the development stage by making developers aware of the risks to be assumed, the necessary security countermeasures, and how to implement them. In this study, we investigated the actual utilization of guidelines and their usability in the industry through a survey of software development professionals in the U.S. and Japan (N=396 in the U.S. and N=474 in Japan). Our quantitative analysis revealed that “in-house” guidelines not examined in most existing studies are in fact widely utilized in the industry and also clarified how they are related to the use of public guidelines. In addition, we found that the practices for implementing guidelines recommended by existing studies are difficult for software development professionals with certain attributes, e.g., those who are working on small projects. The findings demonstrate the need for lightweight recommended practices taking into account organizational issues at industrial development sites that are easy for developers to implement.

Authors
Fumihiro Kanei
NTT, Tokyo, Japan
Ayako A. Hasegawa
NICT, Tokyo, Japan
Eitaro Shioji
NTT, Tokyo, Japan
Mitsuaki Akiyama
NTT, Tokyo, Japan
Paper URL

https://doi.org/10.1145/3544548.3580705

Conference: CHI 2023

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2023.acm.org/)

Session: Digital Safety

Hall G2
6 presentations
2023-04-25 20:10:00
2023-04-25 21:35:00