The National Cyber Security Centre (NCSC), working in collaboration with the Research Institute for the Science of Cyber Security (RISCS), is inviting proposals from academic researchers for research into the topic of Developer-Centred Security.

Further information on the call for proposals can be found here.

The topic of ‘Developer-Centred Security’ is one which hasn’t been addressed much by academia or government in the UK yet, but remains something that is raised as an issue on an increasingly regular basis. To begin understanding the topic better and the initial burning questions that we need answers to through UK research, we held a workshop on 24 November 2016.

The summary report and sketchnote from the workshop are available for download.
Report / Sketchnote

Talks at the workshop included:

  • Sascha Fahl, CISPA, Saarland University: Watching how developers write secure code.
    Presentation / Write-up
  • Laura Koksch, Fraunhofer SIT, Germany: How does security become routine? An ethnographic study in a software company
    Presentation / Write-up
  • Panel with Graham Calladine, Microsoft Corp: Principal Lead Security Manager in the Cloud and Enterprise group; Harry Metcalfe, DXW Ltd: CEO, Developer; Michael Brunton-Spall, GDS, Cabinet Office: Head of Security; and Professor Angela Sasse, UCL: Head of Productive Security Group, Department of Computer Science
    Write-up

Applications for funding should be sent to Phil Bliss, Head of GCHQ Research & Innovation Office, via email: Philip.B@ncsc.gov.uk. Applications must be received by 1600 on Friday 17th March.