Blog post

NCSC award £0.5m grant to fund 'Developer Centred Security' research

Created:  21 Aug 2017
Updated:  21 Aug 2017
Author:  Helen L
Developer Centred Security

The NCSC has awarded a £0.5m grant to researchers at the Open University for their project 'Motivating Jenny to Write Secure Software: Community and Culture of Coding'.

The two-year project, led by Professor Helen Sharp of The Open University, will explore security culture across a diverse range of software teams, and seeks to understand why and how developers can be motivated and enabled to adopt and integrate secure coding practices. This will be used to develop guidelines for creating a security culture within software teams, and to propagate this culture through the developer community. The rest of the team is Arosha Bandara, Tamara Lopez, Bashar Nuseibeh, Thein Tun and Mark Levine (University of Exeter).

The research runs in parallel to another developer-centred security themed project funded by an EPSRC* grant of £1m, 'Why Johnny doesn't write secure software? Secure software development by the masses', led by Professor Awais Rashid of University of Lancaster. This research seeks to better understand the security implications of Johnny's behaviours and practices, and to develop effective support for secure software development.

The developer-centred security research projects, collaborating under the Research Institute for Science of Cyber Security (RISCS), seek to understand software development from the perspective of a developer, and how this impacts their relationship with security. These projects complement other NCSC initiatives that seek to drive the UK software ecosystem to be better and reduce the harm caused by the impact of software vulnerabilities. This includes work under the Research Institute in Verified Trustworthy Software Systems.

Collectively, the outputs from these initiatives will provide a richer understanding of the challenges faced by people who develop and maintain software, and by those who use it.

Helen L

Engineering Processes & Assurance Lead, Sociotechnical Security Group, NCSC

*The Engineering and Physical Sciences Research Council is the UK's main agency for funding research in engineering and the physical sciences.

3 comments

Mike Yoyng - 05 Sep 2017
How do we offer our company up to help with the research?
Thein Tun - 11 Sep 2017
Dear Mike, Please get in touch through contact information on the project websites: motivatingjenny.org and writingsecuresoftware.org. Thank you.
Helen L - 12 Sep 2017
Hi Mike, thank you very much for the offer of help – collaboration with industry is so important to our research. I see Thein, one of the researchers on the project, has been in touch - I shall also drop you a line. Thanks again, Helen
