The NCSC has awarded a £0.5m grant to researchers at the Open University for their project 'Motivating Jenny to Write Secure Software: Community and Culture of Coding'.
The two-year project, led by Professor Helen Sharp of The Open University, will explore security culture across a diverse range of software teams, and seeks to understand why and how developers can be motivated and enabled to adopt and integrate secure coding practices. This will be used to develop guidelines for creating a security culture within software teams, and to propagate this culture through the developer community. The rest of the team is Arosha Bandara, Tamara Lopez, Bashar Nuseibeh, Thein Thun and Mark Levine (University of Exeter).
The research runs in parallel to another developer-centred security project funded by an EPSRC grant of £1m, “Why Johnny doesn't write secure software? Secure software development by the masses”, led by Professor Awais Rashid of the University of Lancaster. This research seeks to better understand the security implications of Johnny's behaviours and practices, and develop effective support for secure software development.
The developer-centred security research projects, collaborating under the Research Institute for Science of Cyber Security (RISCS), seek to understand software development from the perspective of a developer, and how this impacts their relationship with security. These projects complement other NCSC initiatives that seek to drive the UK software ecosystem to be better and reduce the harm caused by the impact of software vulnerabilities. This includes work under the Research Institute in Verified Trustworthy Software Systems.
Collectively, the outputs from these initiatives will provide a richer understanding of the challenges faced by people who develop and maintain software, and by those who use it.
Engineering Processes & Assurance Lead, Sociotechnical Security Group, NCSC