OU researchers have been awarded £500,000 by the National Cyber Security Centre (NCSC), to research the factors that motivate software developers to build security measures into software development. This is part of a programme of research focussed on making systems ‘secure by default’, hosted by the NCSC-funded Research Institute for the Science of Cyber Security (RISCS).
The project is called Motivating Jenny to Write Secure Software: community and culture of coding, led by Professor Helen Sharp, Associate Dean for Research and Scholarship, and will run for two years from July 2017. It will investigate the role of developer motivation in the production of secure code, resulting in guidelines for creating and propagating a security culture within the community of professional software developers who are not security specialists.
It is a sister project to the Engineering and Physical Research Council project: Why Johnny doesn't write secure software? Secure software development by the masses, which is researching cyber security decisions made during software development.
The OU team comprises Professor Helen Sharp (Principal Investigator), Professor Bashar Nuseibeh, Dr Thein Tun and Dr Arosha Bandara, all in the Faculty of Science Technology Engineering and Mathematics. Dr Tamara Lopez, who gained her PhD from the OU, will be the full-time researcher on the project.
Motivating Jenny will be delivered in partnership with Professor Mark Levine at the University of Exeter, who will focus on the ways in which secure software development practices are propagated through communities.
Professor Sharp said: This is an exciting opportunity to extend the work on software developer motivation that we started over 10 years ago, and to engage with the vibrant and energetic RISCS community. Bringing empirical, practice-based research to cybersecurity puts us at the forefront of this high profile focus area.