11 Replies - 1239 Views - Last Post: 20 December 2019 - 07:25 AM

#1 hel_ty   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 4
  • Joined: 18-December 19

In your experience, what are the main obstacles to securing software?

Posted 18 December 2019 - 04:50 AM

Hello, I'm researching the inclusion of security in software development from a non-technical stance - I was wondering, in your experience, what has enabled or prevented you from making your code and software more secure during development?

If anyone has 10 minutes to spare I'm also running a survey on this topic - any and all comments are greatly appreciated. This is an academic study from the University of Portsmouth (UK). For the full information or to participate please click the link - https://www.surveymo...co.uk/r/FRP5ZSN

Thanks for any feedback

Is This A Good Question/Topic? 0
  • +

Replies To: In your experience, what are the main obstacles to securing software?

#2 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 3062
  • View blog
  • Posts: 11,753
  • Joined: 03-December 12

Re: In your experience, what are the main obstacles to securing software?

Posted 18 December 2019 - 07:23 AM

This is kind of, odd. What has enabled or prevented you from making your software more secure, from a non technical perspective... From a non-technical perspective all of my code has always been secure, it's the users that make it not secure, from the non-technical perspective.
Was This Post Helpful? 3
  • +
  • -

#3 hel_ty   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 4
  • Joined: 18-December 19

Re: In your experience, what are the main obstacles to securing software?

Posted 18 December 2019 - 07:55 AM

View Postastonecipher, on 18 December 2019 - 07:23 AM, said:

What has enabled or prevented you from making your software more secure, from a non technical perspective...


Thanks for the response - I think I phrased it badly. Creating secure software is technical, but there are soft factors outside of the coding that can impact the work. For example, the teams communication on what is needed, knowledge sharing between developers, and the devs own personal approach and attitude to security - if they don't want to be responsible for security for instance, they will be less thorough than someone who has an interest or specialises in security.
So the question was what are the main obstacles, whether technical or not, that you've encoutered. When you say it's the users who make it insecure, do you mean by the way they use the software?
Was This Post Helpful? 0
  • +
  • -

#4 modi123_1   User is offline

  • Suitor #2
  • member icon



Reputation: 15488
  • View blog
  • Posts: 62,032
  • Joined: 12-June 08

Re: In your experience, what are the main obstacles to securing software?

Posted 18 December 2019 - 08:08 AM

After you close the survey are you going to come back and post the data and results?
Was This Post Helpful? 0
  • +
  • -

#5 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 7230
  • View blog
  • Posts: 24,513
  • Joined: 05-May 12

Re: In your experience, what are the main obstacles to securing software?

Posted 18 December 2019 - 05:50 PM

Dr. Thackray: It would have helped a lot of you had posted the intro to your survey here. Probably trim away the some of the legal matters that you covered, but discuss the main reasons for the study.

Also as an aside, I believe there is a group of grad students from Netherlands also researching things along the same lines as you are. They also posted a request here to fill out their survey and they had promised to report back with the results of their study. Like all others who have requested for participants in their survey and said that they would come back with results, we have seen neither hide nor hair of them since the supposed end of their study period.
Was This Post Helpful? 0
  • +
  • -

#6 hel_ty   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 4
  • Joined: 18-December 19

Re: In your experience, what are the main obstacles to securing software?

Posted 19 December 2019 - 05:40 AM

View Postmodi123_1, on 18 December 2019 - 08:08 AM, said:

After you close the survey are you going to come back and post the data and results?

I'd be happy to,

View PostSkydiver, on 18 December 2019 - 05:50 PM, said:

Dr. Thackray: It would have helped a lot of you had posted the intro to your survey here. Probably trim away the some of the legal matters that you covered, but discuss the main reasons for the study.

Also as an aside, I believe there is a group of grad students from Netherlands also researching things along the same lines as you are. They also posted a request here to fill out their survey and they had promised to report back with the results of their study. Like all others who have requested for participants in their survey and said that they would come back with results, we have seen neither hide nor hair of them since the supposed end of their study period.

Thanks for the feedback - I was primarily looking for thoughts and opinions, I just posted the survey link on the off chance someone would be interested. I will also be conducting interviews on this come January.
I understand it must be frustrating to have academics coming and asking questions and giving your time and not hearing about the results. It is something I think is quite important in online research, so I do always share at least the basic data. Academics can be slow, so finished articles can take a while!

Obviously if my post is not right for this forum I'm happy to take it down, I am just trying to reach as wide a range of people as I can - one of the wonders of the internet!
Was This Post Helpful? 0
  • +
  • -

#7 Salem_c   User is offline

  • void main'ers are DOOMED
  • member icon

Reputation: 2412
  • View blog
  • Posts: 4,545
  • Joined: 30-May 10

Re: In your experience, what are the main obstacles to securing software?

Posted 19 December 2019 - 12:12 PM

> 15. What do you believe is the stereotype of a software developer?
I gave up.

Way too many questions with zero relevance to the topic at hand.


> I'm researching the inclusion of security in software development from a non-technical stance
My impression is there are way too many people who trade convenience for security.
https://www.google.c...k+password+list

If you want something to research, try untying that knot.
Was This Post Helpful? 3
  • +
  • -

#8 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 3062
  • View blog
  • Posts: 11,753
  • Joined: 03-December 12

Re: In your experience, what are the main obstacles to securing software?

Posted 19 December 2019 - 12:21 PM

View PostSalem_c, on 19 December 2019 - 01:12 PM, said:

My impression is there are way too many people who trade convenience for security.

I think you mean, security for convenience? Which is exactly why I say the user is the predominant security flaw, regardless of how secure you make anything. Most modern "hacks" are nothing more than social engineering exploits. If you are going to use the simplest thing for your password, a birth date for you pin, and answer all those stupid "Answer these questions" polls, I need to worry far less about things like sql injection (I still do however) and more about ensuring that password algorithms don't allow you to use "Fluffy123" as a password. Adding things like 2FA so even when someone is stupid, it is less likely to compromise a system.
Was This Post Helpful? 3
  • +
  • -

#9 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 7230
  • View blog
  • Posts: 24,513
  • Joined: 05-May 12

Re: In your experience, what are the main obstacles to securing software?

Posted 19 December 2019 - 02:07 PM

... at which point it becomes a technical solution, as opposed to the social aspects affecting the developers during development which our researcher seems to by trying to dig at.
Was This Post Helpful? 0
  • +
  • -

#10 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 7230
  • View blog
  • Posts: 24,513
  • Joined: 05-May 12

Re: In your experience, what are the main obstacles to securing software?

Posted 19 December 2019 - 07:25 PM

I finally got around to going through the survey. Salem_c is quite correct. To me, only page 5 of your survey felt relevant to what you are trying to study. On the other hand, I've also only got a BS Computer Science. I don't have an Masters. My understanding is that most Master of Science degrees now require a course (or two) in experiment design and stats. So I may just be oblivious.
Was This Post Helpful? 1
  • +
  • -

#11 hel_ty   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 4
  • Joined: 18-December 19

Re: In your experience, what are the main obstacles to securing software?

Posted 20 December 2019 - 01:08 AM

View PostSalem_c, on 19 December 2019 - 12:12 PM, said:

> 15. What do you believe is the stereotype of a software developer?
I gave up.

Way too many questions with zero relevance to the topic at hand.


> I'm researching the inclusion of security in software development from a non-technical stance
My impression is there are way too many people who trade convenience for security.
https://www.google.c...k+password+list

If you want something to research, try untying that knot.

Thanks for the comments and the link!

View PostSkydiver, on 19 December 2019 - 07:25 PM, said:

I finally got around to going through the survey. Salem_c is quite correct. To me, only page 5 of your survey felt relevant to what you are trying to study. On the other hand, I've also only got a BS Computer Science. I don't have an Masters. My understanding is that most Master of Science degrees now require a course (or two) in experiment design and stats. So I may just be oblivious.

That's fair, I'll try to explain the logic behind the design. Basically this survey is one part of the project, the next stage is interviews with devs that will focus more on what they feel is most important - and they can get as technical as they like. My research is highly qualitative, so very little in the way of stats, this is exploratory with the aim of narrowing down the field for future research to have clear hypotheses.
Most of the survey is about getting an idea of the variety in development, again rather than having hard stats to generalise. The first couple of questions are to do with perceptions of control and influence related to work - whether the individual thinks they have it or not. I think this is important when addressing problems or challenges in work/organisational environments. The broad demographic questions and ones about tools are useful to me - it gives an idea of the most popular or common but I can also learn of more obscure ones that I might not come across otherwise.
I'm also looking for patterns and themes that come up, such as the stereotypes about devs and how security is perceived. In terms of answering my overall research question, the survey is just one aspect, but it helps me to have a starting point beyond literature. The results from this are less about generating concrete answers, but more to provide context and topics for the interviews.
I hope this makes sense, and apologies for not being clear to being with, but different forums want different levels of information. If you have any other questions I'm happy to try and answer. And I do appreciate the comments and feedback, it all helps me.
Thanks and hope everyone enjoys the festive period!
Was This Post Helpful? 1
  • +
  • -

#12 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 3062
  • View blog
  • Posts: 11,753
  • Joined: 03-December 12

Re: In your experience, what are the main obstacles to securing software?

Posted 20 December 2019 - 07:25 AM

Waiting to see if the results are shared and what they translate to for your research.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1