Towards Developer-Centered Secure Coding Training
Software security continues to be a matter of concern for both end-users and developers, with the cost of potential lapses expected to become larger as software plays a larger role in society. Despite investments in secure coding training programmes, organisations are not achieving the expected success rate. An often overlooked reason for this among many others is that current training programmes are not tailored to consider the diversity among software developers as it relates to human aspects. In this research, data was gathered from software developers of various backgrounds on their perceptions of secure coding training, their expectations from and challenges with such a training program. The findings suggest that developers with personality traits of agreeableness tend to ignore secure coding standards. Additionally, developers with higher work experience tend to demand storage management, responsible use of privileges, security and privacy laws and testing topics to be included in the secure coding training. Furthermore, in terms of training structure, developers with higher openness tend to demand hands-on training to be included. The study’s findings seek to inform future researchers and organisations on factors to consider when designing adaptive secure coding programs that would address the needs of developers from different backgrounds.
DOI