Surveying Secure Software Development Practices in Finland

Kalle Rindell, Jukka Ruohonen, Sami Hyrynsalmi

    Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

    1 Citation (Scopus)


    Combining security engineering and software engineering is shaping the software development processes and shifting the emphasis of information security from the operation environment into the main information asset: the software itself. To protect software and data assets, software development is subjected to an increasing amount of external regulation and organizational security requirements. To fulfill these requirements, the practitioners producing secure software have plenty of models, guidelines, standards and security instructions to follow, but very little scientific knowledge about effectiveness of the security they take.

    In this paper, we present the current state of security engineering surveys and present results from our industrial survey (n = 62) performed in early 2018. The survey was conducted among selected software and security professionals employed by a selected set of 303 Finnish software companies. Results are compared to a commercial survey, the BSIMM version 8 and the similarities and distinct differences are discussed. Also, an analysis of the composition of security development life cycle models is presented, suggesting regulation to be the driving force behind security engineering in software industry.
    Original languageEnglish
    Title of host publicationProceedings of the 13th International Conference on Availability, Reliability and Security
    Number of pages7
    ISBN (Electronic)978-1-4503-6448-5
    Publication statusPublished - 27 Aug 2018
    Publication typeA4 Article in conference proceedings
    EventInternational Conference on Availability, Reliability and Security -
    Duration: 27 Aug 201830 Aug 2018


    ConferenceInternational Conference on Availability, Reliability and Security

    Publication forum classification

    • Publication forum level 1


    Dive into the research topics of 'Surveying Secure Software Development Practices in Finland'. Together they form a unique fingerprint.

    Cite this