Project: Secure Software without the Experts
Helping software development teams deliver secure software without expert support.
Our unique and ground-breaking research examines how development teams achieve cyber-secure software. Our mission is to help the 100,000 developers in the UK, and others further afield, to become a step better at defending their software – especially those who don’t have access to security specialists.
Welcome to the Secure Development Team research project!
We’re passionate about improving the ways that developers create secure software. This project at the Security Lancaster Institute of Lancaster University helps improve the security of software developed throughout Britain and the wider developer community. Working with teams in several companies, we have identified and trialled techniques to help any development team improve their software privacy and security, especially the large proportion of teams without access to software security experts.
We are now working to find effective ways to disseminate these techniques to the thousands of companies faced with increasing security threats and new GDPR accountability rules. That means us; that means you; that means many thousands of other developers, both as individuals and in teams.
How could anybody achieve that? We tackle it in three ways, with research, publication and promotion:
- Research
  We’re working with dozens of other researchers around the world: in UCL, University of Bristol, Saarland University, Paderborn University, Carnegie Mellon University, in UK government, and many other places. We work with parallel projects: the Johnny project examining security and solo programmers; and the Jenny project exploring motivation for security. Our own research has taught us things that few security experts know and none have publicised. We’re learning how programmers really react to security and how we can make secure development exciting and rewarding for those involved.
- Publication
  We’re publishing academic papers to prove through peer review that what we have is valid. And we have produced the Secure Development Handbook, a guide for development teams wanting to use and benefit from the techniques we have discovered.
- Promotion
  We’re going out to conferences, to workshops, and to work with software development teams to help them and us discover the steps and enthusiasm that lead to software security.
Developer Essentials
Secure Software Support: Developer Essentials
Security Lancaster now offers a ‘security package’ to empower a software development team to deliver cyber-secure software. We call it ‘Developer Essentials’. It takes less than half a day of workshops to get a team’s leaders, programmers and testers more adept at software security. It also empowers one or two of the team to lead the workshops themselves in future. We’ve had success with several teams in small-to-medium-sized companies, have improved the package accordingly, and will be improving it further in cooperation with six further teams.