Surveying Secure Software Development Practices in Finland

Kalle Rindell; Jukka Ruohonen; Sami Hyrynsalmi

doi:10.1145/3230833.3233274

Surveying Secure Software Development Practices in Finland

Kalle Rindell, Jukka Ruohonen, Sami Hyrynsalmi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

10 Citations (Scopus)

Abstract

Combining security engineering and software engineering is shaping the software development processes and shifting the emphasis of information security from the operation environment into the main information asset: the software itself. To protect software and data assets, software development is subjected to an increasing amount of external regulation and organizational security requirements. To fulfill these requirements, the practitioners producing secure software have plenty of models, guidelines, standards and security instructions to follow, but very little scientific knowledge about effectiveness of the security they take.

In this paper, we present the current state of security engineering surveys and present results from our industrial survey (n = 62) performed in early 2018. The survey was conducted among selected software and security professionals employed by a selected set of 303 Finnish software companies. Results are compared to a commercial survey, the BSIMM version 8 and the similarities and distinct differences are discussed. Also, an analysis of the composition of security development life cycle models is presented, suggesting regulation to be the driving force behind security engineering in software industry.

Original language	English
Title of host publication	Proceedings of the 13th International Conference on Availability, Reliability and Security
Publisher	ACM
Pages	6:1-6:7
Number of pages	7
ISBN (Electronic)	978-1-4503-6448-5
DOIs	https://doi.org/10.1145/3230833.3233274
Publication status	Published - 27 Aug 2018
Publication type	A4 Article in conference proceedings
Event	International Conference on Availability, Reliability and Security - Duration: 27 Aug 2018 → 30 Aug 2018

Conference

Conference	International Conference on Availability, Reliability and Security
Period	27/08/18 → 30/08/18

Publication forum classification

Publication forum level 1

Access to Document

10.1145/3230833.3233274

Cite this

@inproceedings{c0572eac7dca41e18773579d56946217,

title = "Surveying Secure Software Development Practices in Finland",

abstract = "Combining security engineering and software engineering is shaping the software development processes and shifting the emphasis of information security from the operation environment into the main information asset: the software itself. To protect software and data assets, software development is subjected to an increasing amount of external regulation and organizational security requirements. To fulfill these requirements, the practitioners producing secure software have plenty of models, guidelines, standards and security instructions to follow, but very little scientific knowledge about effectiveness of the security they take.In this paper, we present the current state of security engineering surveys and present results from our industrial survey (n = 62) performed in early 2018. The survey was conducted among selected software and security professionals employed by a selected set of 303 Finnish software companies. Results are compared to a commercial survey, the BSIMM version 8 and the similarities and distinct differences are discussed. Also, an analysis of the composition of security development life cycle models is presented, suggesting regulation to be the driving force behind security engineering in software industry.",

author = "Kalle Rindell and Jukka Ruohonen and Sami Hyrynsalmi",

year = "2018",

month = aug,

day = "27",

doi = "10.1145/3230833.3233274",

language = "English",

pages = "6:1--6:7",

booktitle = "Proceedings of the 13th International Conference on Availability, Reliability and Security",

publisher = "ACM",

address = "United States",

note = "International Conference on Availability, Reliability and Security ; Conference date: 27-08-2018 Through 30-08-2018",

}

TY - GEN

T1 - Surveying Secure Software Development Practices in Finland

AU - Rindell, Kalle

AU - Ruohonen, Jukka

AU - Hyrynsalmi, Sami

PY - 2018/8/27

Y1 - 2018/8/27

N2 - Combining security engineering and software engineering is shaping the software development processes and shifting the emphasis of information security from the operation environment into the main information asset: the software itself. To protect software and data assets, software development is subjected to an increasing amount of external regulation and organizational security requirements. To fulfill these requirements, the practitioners producing secure software have plenty of models, guidelines, standards and security instructions to follow, but very little scientific knowledge about effectiveness of the security they take.In this paper, we present the current state of security engineering surveys and present results from our industrial survey (n = 62) performed in early 2018. The survey was conducted among selected software and security professionals employed by a selected set of 303 Finnish software companies. Results are compared to a commercial survey, the BSIMM version 8 and the similarities and distinct differences are discussed. Also, an analysis of the composition of security development life cycle models is presented, suggesting regulation to be the driving force behind security engineering in software industry.

AB - Combining security engineering and software engineering is shaping the software development processes and shifting the emphasis of information security from the operation environment into the main information asset: the software itself. To protect software and data assets, software development is subjected to an increasing amount of external regulation and organizational security requirements. To fulfill these requirements, the practitioners producing secure software have plenty of models, guidelines, standards and security instructions to follow, but very little scientific knowledge about effectiveness of the security they take.In this paper, we present the current state of security engineering surveys and present results from our industrial survey (n = 62) performed in early 2018. The survey was conducted among selected software and security professionals employed by a selected set of 303 Finnish software companies. Results are compared to a commercial survey, the BSIMM version 8 and the similarities and distinct differences are discussed. Also, an analysis of the composition of security development life cycle models is presented, suggesting regulation to be the driving force behind security engineering in software industry.

U2 - 10.1145/3230833.3233274

DO - 10.1145/3230833.3233274

M3 - Conference contribution

SP - 6:1-6:7

BT - Proceedings of the 13th International Conference on Availability, Reliability and Security

PB - ACM

T2 - International Conference on Availability, Reliability and Security

Y2 - 27 August 2018 through 30 August 2018

ER -

Surveying Secure Software Development Practices in Finland

Abstract

Conference

Publication forum classification

Access to Document

Fingerprint

Cite this