Building In Security

Secure Software Development

Developer Essentials
Blog
Contact

Project: Secure Software without the Experts

Helping software development teams deliver secure software without expert support.

Our unique and ground-breaking research examines how development teams achieve cyber-secure software. Our mission is to help the 100,000 developers in the UK, and others further afield, to become a step better at defending their software – especially those who don’t have access to security specialists.

Welcome to the Secure Development Team research project!

We’re passionate at improving the ways that developers create secure software. This project at the Security Lancaster Institute of Lancaster University helps improve the security of software developed throughout Britain and the wider developer community. Working with teams in several companies, we have identified and trialled techniques to help any development team improve their software privacy and security, especially the large proportion of teams without access to software security experts.

We are now working to find effective ways to disseminate these techniques to the thousands of companies faced with increasing security threats and new GDPR accountability rules. That means us; that means you; that means many thousands of other developers, both individuals and in teams.

How could anybody achieve that? We tackle it in three ways, with research, publication and promotion:

  • Research

    We’re working with dozens of other researchers around the world: in UCL, University of Bristol, Saarland University, Paderborn University, Carnegie Mellon University, in UK government, and many other places. We’re learning things that few security experts know and none have publicised. We work with parallel projects: the Johnny project examining security and solo programmers; and the Jenny project exploring motivation for security. Our own research has taught us things that few security experts know and none have publicised. We’re learning how programmers really react to security and how we can make secure development exciting and rewarding for those involved.

  • Publication

    We’re publishing academic papers to prove through peer review what we have is valid. And we have produced the Secure Development Handbook, a guide for development teams wanting to use and benefit from the techniques we have discovered.

  • Promotion

    We’re going out to conferences, to workshops, and to work with software development teams to help them and us discover the steps and enthusiasm that lead to software security.

Developer Essentials

SSD Logo: To Get every developer in the UK just one step better at software security.

Secure Software Support: Developer Essentials

Security Lancaster now offers a ‘security package’ to empower a software development team to deliver cyber-secure software. We call it ‘Developer Essentials’. It takes less than half a day of workshops to get a team’s leaders, programmers and testers more adept at software security. It also empowers one or two of the team to lead the workshops themselves in future. We’ve had success with several teams in small-to-medium sized companies, have improved the package accordingly, and will be improving the package further in cooperation with six further teams.

Do you work with software developers? Would you like our help to improve your organisation’s software security?

Secure Development workshops
Contact Charles Weir
Secure development Contact

  • Facebook

  • Instagram

  • Twitter

  • YouTube