Awareness of secure coding guidelines in the industry - A first data analysis

Abstract

Software needs to be secure, in particular when deployed to critical infrastructures. Secure coding guidelines capture practices in industrial software engineering to ensure the security of code. This study aims at assessing the level of awareness of secure coding in industrial software engineering, the skills of software developers to spot weaknesses in software code, and avoid them, as well as the organizational support to adhere to coding guidelines. The approach draws not only on well-established theories of policy compliance, neutralization theory, and security-related stress but also on the authors’ many years of experience in industrial software engineering and on lessons identified from training secure coding in the industry. The paper presents the design of the questionnaire for the online survey and the first analysis of data from the pilot study.