Project: Secure Software without the Experts

Helping software development teams deliver secure software without expert support.

Welcome to the Secure Development Team research project!

 

We’re passionate about improving the ways that developers create secure software.

 

 

This project at the Security Lancaster Institute of Lancaster University helps improve the security of software developed throughout Britain and the wider developer community. Working with teams in several companies, we have identified and trialled techniques to help any development team improve their software privacy and security, especially the large proportion of teams without access to software security experts.

 

We are now working to find effective ways to disseminate these techniques to the thousands of companies faced with increasing security threats and new GDPR accountability rules. That means us; that means you; that means many thousands of other developers, both as individuals and in teams.

 

How could anybody achieve that? We tackle it in three ways, with research, publication and promotion:

 

Research: We’re working with dozens of other researchers around the world: at UCL, University of Bristol, Saarland University, Paderborn University, Carnegie Mellon University, in UK government, and in many other places. We work with parallel projects: the Johnny project examining security and solo programmers; and the Jenny project exploring motivation for security. Our own research has taught us things that few security experts know and none have publicised. We’re learning how programmers really react to security and how we can make secure development exciting and rewarding for those involved.

 

Publication: We’re publishing academic papers to prove through peer review that what we have is valid. And we’re publishing how-to guides like this website to help you and others learn what you want to know.

 

Promotion: We’re going out to conferences, to workshops, and to work with software development teams to help them and us discover the steps and enthusiasm that lead to software security.

 

What this means for you...

Do you work with software developers? Would you like our help – for free – to improve your organisation’s software security? We’re offering free interventions to the first six organisations to sign up. Click here to find out how to become one of them.

 

Interested in collaborating with us? Contact Charles, lead researcher, here. Or meet us at one of our events here.

 

And take a look at what's happening in the blog, and in the Twitter feed below.




Secure Developer (@SecureDevelop) | Twitter

The latest Tweets on Secure Development