skills, tools, and work environment that are required to build security into the software.
We also recommend that software companies use the coding mechanism we provide, called SUTE, to evaluate the security challenges faced by their software teams. Although the codes have been tested on two teams in one company, we believe they should be piloted across different projects to establish our recommendations. Our coding mechanism reveals a misalignment between developers and managers with respect to the working environment and security design. Similar findings have been reported in earlier research efforts (França et al., 2018), (Graziotin et al., 2013). Hence, we believe the proposed coding technique can help companies evaluate security challenges in existing projects.
At the same time, our coding mechanism can be used with the popular SPACE framework, as discussed earlier in the paper. Using such a framework will enable practitioners to identify a wide range of metrics for capturing the requirements and challenges of building security into software in the context of their own company and project. We would also like to extend our research by incorporating feedback from more respondents and increasing the number of project teams. Including a greater number of respondents will enable us to reach more concrete answers to our research questions.
ACKNOWLEDGEMENTS
This project is in part supported by the California State University San Marcos Professional Development funds.
REFERENCES
Beznosov, K. and Chess, B. (2008). Security for the rest of us: An industry perspective on the secure-software challenge. IEEE Software, 25(1):10–12.
Bressan, L., de Oliveira, A. L., Campos, F., and Capilla, R. (2021). A variability modeling and transformation approach for safety-critical systems. In 15th International Working Conference on Variability Modelling of Software-Intensive Systems, pages 1–7.
Forsgren, N., Storey, M.-A., Maddila, C., Zimmermann, T., Houck, B., and Butler, J. (2021). The SPACE of developer productivity: There's more to it than you think. Queue, 19(1):20–48.
França, C., Da Silva, F. Q., and Sharp, H. (2018). Motivation and satisfaction of software engineers. IEEE Transactions on Software Engineering, 46(2):118–140.
Kagombe, G., Waweru Mwangi, R., and Muliaro Wafula, J. (2021). Achieving standard software security in agile developments. In 2021 The 11th International Conference on Information Communication and Management, pages 24–33.
Graziotin, D., Wang, X., and Abrahamsson, P. (2013). Are happy developers more productive? In International Conference on Product Focused Software Process Improvement, pages 50–64. Springer.
Imran, A., Aljawarneh, S., and Sakib, K. (2016). Web data amalgamation for security engineering: Digital forensic investigation of open source cloud. J. UCS, 22(4):494–520.
Imran, A., Ul Gias, A., Rahman, R., and Sakib, K. (2013). Provintsec: A provenance cognition blueprint ensuring integrity and security for real life open source cloud. International Journal of Information Privacy, Security and Integrity, 1(4):360–380.
Ingalsbe, J. A., Kunimatsu, L., Baeten, T., and Mead, N. R. (2008). Threat modeling: Diving into the deep end. IEEE Software, 25(1):28–34.
Jürjens, J. (2005). Secure Systems Development with UML. Springer Science & Business Media.
Khan, M. U. A. and Zulkernine, M. (2008). Quantifying security in secure software development phases. In 2008 32nd Annual IEEE International Computer Software and Applications Conference, pages 955–960.
Kołodziej, J. and Xhafa, F. (2011). Meeting security and user behavior requirements in grid scheduling. Simulation Modelling Practice and Theory, 19(1):213–226.
Kumar, N., Mohan, K., and Holowczak, R. (2008). Locking the door but leaving the computer vulnerable: Factors inhibiting home users' adoption of software firewalls. Decision Support Systems, 46(1):254–264.
Lawson, S. and Middleton, M. K. (2019). Cyber Pearl Harbor: Analogy, fear, and the framing of cyber security threats in the United States, 1991-2016. First Monday.
Rendell, D. (2019). Understanding the evolution of malware. Computer Fraud & Security, 2019(1):17–19.
Storey, M.-A., Houck, B., and Zimmermann, T. (2022). How developers and managers define and trade productivity for quality. In Proceedings of the 15th International Conference on Cooperative and Human Aspects of Software Engineering, pages 26–35.
Tondel, I. A., Jaatun, M. G., and Meland, P. H. (2008). Security requirements for the rest of us: A survey. IEEE Software, 25(1):20–27.
Ulsch, M. (2014). Cyber Threat!: How to Manage the Growing Risk of Cyber Attacks. Wiley Online Library.
Zhang, Y., Xiao, Y., Kabir, M. M. A., Yao, D., and Meng, N. (2022). Example-based vulnerability detection and repair in Java code. In Proceedings of the 30th IEEE/ACM International Conference on Program Comprehension, pages 190–201.
ENASE 2023 - 18th International Conference on Evaluation of Novel Approaches to Software Engineering