21
Science of Security Lablet Understanding & Accounting Human Behavior Understanding Secure Development Tool Adoption Jim Witschey Graduate Research Assistant

Understanding Secure Development Tool Adoption

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Understanding Secure Development Tool

Adoption Jim Witschey

Graduate Research Assistant

Page 2: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Us

• Jim Witschey (me) • Shundan Xiao • Dr. Emerson Murphy-Hill (PI)

Page 3: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Secure Development Software security can’t be painted on

www.flickr.com/photos/crondeau/6251922757

Page 4: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Secure Development Software security should be baked in

www.flickr.com/photos/crondeau/6251923537

Page 5: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Secure Development Tools Help developers find and fix vulnerabilities

http://blogs.smithsonianmag.com/design/files/2012/07/sherlock-holmes-glass_550.jpg

Page 6: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Secure Development Tools e.g. FindBugs

users.ece.utexas.edu/~miryung/teaching/EE461L-Spring2012/labs/findbugs.html

Page 7: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Secure Development Tool Adoption

•Why do developers use secure development tools?

•Why don’t they?

Page 8: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Diffusion of Innovations Sociological framework for understanding

adoption patterns of new technologies

http://commons.wikimedia.org/wiki/File:Chaconne_Dance_1735.jpg

Page 9: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

What We’ve Done

• Interviewed 43 industry developers • Analyzed responses • Developed Security Tool Adoption Model

Page 10: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Relative Advantage

Compatibility

Complexity

Trialability Innovation

Experience

Inquisitiveness

Standards

Structure

Security Concern

Culture

Training

Exposure

Trust

Social System

Potential Adopter

Communication Channel

Probability of Adoption

Observability

Security Tool Adoption Model

Page 11: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Security Tool Adoption Model Relative Advantage

Compatibility

Complexity

Trialability Innovation

Experience

Inquisitiveness

Standards

Structure

Security Concern

Culture

Training

Exposure

Trust

Social System

Potential Adopter

Communication Channel

Probability of Adoption Observability

Page 12: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Tools

• Trialability – How easy is it to try out a tool?

Page 13: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Security Tool Adoption Model Relative Advantage

Compatibility

Complexity

Trialability Innovation

Experience

Inquisitiveness

Standards

Structure

Security Concern

Culture

Training

Exposure

Trust

Social System

Potential Adopter

Communication Channel

Probability of Adoption

Observability

Page 14: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Social System

• Company Structure – How do people interact within the company?

Page 15: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Security Tool Adoption Model Relative Advantage

Compatibility

Complexity

Trialability Innovation

Experience

Inquisitiveness

Standards

Structure

Security Concern

Culture

Training

Exposure

Trust

Social System

Potential Adopter

Communication Channel

Probability of Adoption

Observability

Page 16: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Communication Channel

• Trust – How much do developers trust a

communication channel?

Page 17: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Security Tool Adoption Model Relative Advantage

Compatibility

Complexity

Trialability Innovation

Experience

Inquisitiveness

Standards

Structure

Security Concern

Culture

Training

Exposure

Trust

Social System

Potential Adopter

Communication Channel

Probability of Adoption

Observability

Page 18: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Potential Adopters

• Experience – How long has the developer been working?

Page 19: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

Relative Advantage

Compatibility

Complexity

Trialability Innovation

Experience

Inquisitiveness

Standards

Structure

Security Concern

Culture

Training

Exposure

Trust

Social System

Potential Adopter

Communication Channel

Probability of Adoption

Observability

Security Tool Adoption Model

Page 20: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

What’s Next?

•More interviews with OSS developers – generalize our model

• Surveys of hundreds of developers – quantify our model

• Case studies – help companies understand and foster security

tool adoption in their organizations

Page 21: Understanding Secure Development Tool Adoption

Science of Security Lablet

Understanding & Accounting Human Behavior

How Can We Work Together?

• Connect us to your developers for surveys •Help us conduct case studies

– gain concrete knowledge about how your policies affect adoption in your organization


A Secure Self Adaptation Mechanism in for Service Base ... · A Secure Self Adaptation Mechanism in for Service Base ... method to achieve a good set of concrete services, ... adoption

A Secure Self Adaptation Mechanism in for Service Base ... · A Secure Self Adaptation Mechanism in for Service Base ... method to achieve a good set of concrete services, ... adoption

Documents
Your Adoption Kit for Citrix Workspace Premium Plus · 2020-05-17 · Your Adoption Kit for Citrix Workspace Premium Plus Thank you for choosing Citrix as your secure digital workspace

Your Adoption Kit for Citrix Workspace Premium Plus · 2020-05-17 · Your Adoption Kit for Citrix Workspace Premium Plus Thank you for choosing Citrix as your secure digital workspace

Documents
Examining the Adoption and Abandonment of …Secure mobile messaging apps simplify key management, but adoption is still limited by fragmented user bases [1]. Compared to security

Examining the Adoption and Abandonment of …Secure mobile messaging apps simplify key management, but adoption is still limited by fragmented user bases [1]. Compared to security

Documents
Azure for Secure Worldwide Public Sector Cloud Adoption...Azure for Secure Worldwide Public Sector Cloud Adoption 2 Abstract Microsoft Azure is a multi-tenant cloud services platform

Azure for Secure Worldwide Public Sector Cloud Adoption...Azure for Secure Worldwide Public Sector Cloud Adoption 2 Abstract Microsoft Azure is a multi-tenant cloud services platform

Documents
Adoption: a new approach A White Paper · adoption: the new approach The Government will: – invest £66.5m over three years to secure sustained improvements in adoption services

Adoption: a new approach A White Paper · adoption: the new approach The Government will: – invest £66.5m over three years to secure sustained improvements in adoption services

Documents
Studying the Adoption of Mail2Tag: an Enterprise2.0 Tool for … · 2017-07-19 · Studying the Adoption of Mail2Tag: an Enterprise2.0 Tool for Sharing Les Nelson, ... Their comparison

Studying the Adoption of Mail2Tag: an Enterprise2.0 Tool for … · 2017-07-19 · Studying the Adoption of Mail2Tag: an Enterprise2.0 Tool for Sharing Les Nelson, ... Their comparison

Documents
A STUDY ON THE ADOPTION OF A WEB PAGE CONTENT …d-scholarship.pitt.edu/6246/1/LaRue_e_dissertation2007.pdf · A STUDY ON THE ADOPTION OF A WEB PAGE CONTENT ASSESSMENT TOOL: SPAT

A STUDY ON THE ADOPTION OF A WEB PAGE CONTENT …d-scholarship.pitt.edu/6246/1/LaRue_e_dissertation2007.pdf · A STUDY ON THE ADOPTION OF A WEB PAGE CONTENT ASSESSMENT TOOL: SPAT

Documents
Alkhorayef Database & Engineering Pump Tool. Secure Data Access Worldwide

Alkhorayef Database & Engineering Pump Tool. Secure Data Access Worldwide

Documents
Adoption of an Electronic Medical Record-Based Decision Support Tool for Otitis Media

Adoption of an Electronic Medical Record-Based Decision Support Tool for Otitis Media

Documents
Secure USB Bypassing Tool - DFRWS · Secure USB Bypassing Tool By Jewan Bang, Byeongyeong Yoo and Sangjin Lee From the proceedings of The Digital Forensic Research Conference DFRWS

Secure USB Bypassing Tool - DFRWS · Secure USB Bypassing Tool By Jewan Bang, Byeongyeong Yoo and Sangjin Lee From the proceedings of The Digital Forensic Research Conference DFRWS

Documents
The HMC Is a Fantastic Tool But Are You Making it Secure? · PDF fileThe HMC Is a Fantastic Tool But Are You Making it Secure? ... configure and dynamically reconfigure the LPARs in

The HMC Is a Fantastic Tool But Are You Making it Secure? · PDF fileThe HMC Is a Fantastic Tool But Are You Making it Secure? ... configure and dynamically reconfigure the LPARs in

Documents
Digital and Automation test Adoption...DIGITAL AND AUTOMATION TEST ADOPTION QA Trend we will focus in near future Open source will push commercial tool innovation Buckle up: You'll

Digital and Automation test Adoption...DIGITAL AND AUTOMATION TEST ADOPTION QA Trend we will focus in near future Open source will push commercial tool innovation Buckle up: You'll

Documents
CVS Caremark Digital Adoption Tool Kit

CVS Caremark Digital Adoption Tool Kit

Documents
Secure File Transfer Protocol - Ministry of Health · SFTP or Secure File Transfer Protocol is a secure file transfer tool between a SFTP server and user, using a SFTP client or SFTP

Secure File Transfer Protocol - Ministry of Health · SFTP or Secure File Transfer Protocol is a secure file transfer tool between a SFTP server and user, using a SFTP client or SFTP

Documents
Find Secure Audit PII in SharePointassets.cdnma.com/11381/assets/Solution_Briefs/Securin… ·  · 2015-08-20Find, Secure, and Audit PII in SharePoint Executive Summary The adoption

Find Secure Audit PII in SharePointassets.cdnma.com/11381/assets/Solution_Briefs/Securin… ·  · 2015-08-20Find, Secure, and Audit PII in SharePoint Executive Summary The adoption

Documents
Downloading Secure Agent and ICRT Developer Tools · Web viewInformatica Process Developer: Developer tool to design the business or workflow processes. Secure Agent: Agent will be

Downloading Secure Agent and ICRT Developer Tools · Web viewInformatica Process Developer: Developer tool to design the business or workflow processes. Secure Agent: Agent will be

Documents
QAToCA - a qualitative expert assessment tool for CA adoption in Africa. Hycenth Tim Ndah

QAToCA - a qualitative expert assessment tool for CA adoption in Africa. Hycenth Tim Ndah

Education
Secure DevOps Kit for Azure - SANS Institute · Secure DevOps Kit for Azure (AzSK) A toolkit for accelerating adoption of Azure at the enterprise by automating cloud resource configuration

Secure DevOps Kit for Azure - SANS Institute · Secure DevOps Kit for Azure (AzSK) A toolkit for accelerating adoption of Azure at the enterprise by automating cloud resource configuration

Documents
Draft Pending Adoption - naic. · PDF fileDraft Pending Adoption ... A final decision on that tool should be made in June. ... indicated that training would be helpful for consumer

Draft Pending Adoption - naic. · PDF fileDraft Pending Adoption ... A final decision on that tool should be made in June. ... indicated that training would be helpful for consumer

Documents
SECURE HASH STANDARD - NIST · Specify the secure hash algorithm to be used whenever a secure hash algorithm is required for Federal applications; and . c. Encourage the adoption

SECURE HASH STANDARD - NIST · Specify the secure hash algorithm to be used whenever a secure hash algorithm is required for Federal applications; and . c. Encourage the adoption

Documents
Making a secure transition to the public cloud€¦ · Making a secure transition to the public cloud 5 Preface Over recent years, cloud adoption has accelerated and a shift toward

Making a secure transition to the public cloud€¦ · Making a secure transition to the public cloud 5 Preface Over recent years, cloud adoption has accelerated and a shift toward

Documents
INTRODUCTION SERT Samsung Event Reporting Tool. Introduction SERT is the Samsung Event Reporting Tool – SERT is a secure WEB based application that provides

INTRODUCTION SERT Samsung Event Reporting Tool. Introduction SERT is the Samsung Event Reporting Tool – SERT is a secure WEB based application that provides

Documents
Choosing a Secure Cloud Service Provider - Cyber …Trend of Cloud Adoption (2017) Just 23% of organizations today completely trust public clouds to keep their data secure. (McAfee,

Choosing a Secure Cloud Service Provider - Cyber …Trend of Cloud Adoption (2017) Just 23% of organizations today completely trust public clouds to keep their data secure. (McAfee,

Documents
Increasing Adoption of Secure Coding - SEI Digital Library › asset_files › Poster › ... · Increase Adoption of Secure Coding Standards Poster (SEI 2015 Research Review) Author:

Increasing Adoption of Secure Coding - SEI Digital Library › asset_files › Poster › ... · Increase Adoption of Secure Coding Standards Poster (SEI 2015 Research Review) Author:

Documents
alameda.peralta.edu€¦ · Web viewGUIDED PATHWAYS SELF-ASSESSMENT TOOL. Self-Assessment Outline. Scale of Adoption. Key Element. Pre-Adoption. Early Adoption. In Progress. Full

alameda.peralta.edu€¦ · Web viewGUIDED PATHWAYS SELF-ASSESSMENT TOOL. Self-Assessment Outline. Scale of Adoption. Key Element. Pre-Adoption. Early Adoption. In Progress. Full

Documents
Cloud Candidate Selection Tool - Guiding Cloud … Candidate Selection Tool: Guiding Cloud Adoption Executive Overview 2 Introduction 2 Tool Capabilities and Structure

Cloud Candidate Selection Tool - Guiding Cloud … Candidate Selection Tool: Guiding Cloud Adoption Executive Overview 2 Introduction 2 Tool Capabilities and Structure

Documents
PUMfilms, a secure promotion & marketing tool for distributors Europa Distribution Conference Estoril, November 12th, 2009

PUMfilms, a secure promotion & marketing tool for distributors Europa Distribution Conference Estoril, November 12th, 2009

Documents
Role of Standards: Tackling the Barriers to Adoption of ...conferences.computer.org/chase/panel2.pdfauthentication • Secure transmission • Make available to participants Proposed

Role of Standards: Tackling the Barriers to Adoption of ...conferences.computer.org/chase/panel2.pdfauthentication • Secure transmission • Make available to participants Proposed

Documents
Webcast: How to improve sales tool adoption

Webcast: How to improve sales tool adoption

Business
Open Adoption Settlement Tool or Best Interests? Douglas J. Monaghan, JD, CWLS Nancy A. Randall, Psy.D

Open Adoption Settlement Tool or Best Interests? Douglas J. Monaghan, JD, CWLS Nancy A. Randall, Psy.D

Documents