Developing software is no longer the domain of the select few with deep technical skills, training and knowledge. A wide range of people from diverse backgrounds are developing software for smartphones, websites and IoT devices used by millions of people. Johnny is our pseudonym for such a developer. Currently, little is understood about the security behaviours and decision-making processes of Johnny when engaging in software development.
The overall aim of this EPSRC-funded project is to develop an empirically-grounded theory of secure software development by the masses. Our focus is on understanding:
- what typical classes of security vulnerabilities arise from Johnny’s mistakes (v),
- why these mistakes occur (b) and
- how we may mitigate these issues and promote secure behaviours (i).