OU researchers are part of a £1,008,352 project to study cyber security decisions during software development.
The project, funded by the Engineering and Physical Sciences Research Council, is called Why Johnny doesn't write secure software? Secure software development by the masses.
“Johnny” is a pseudonym for the wide range of people with diverse backgrounds, know-how and cyber security expertise who can develop, and are developing, software used by a potentially global user base.
This project aims to develop a deep foundational understanding of the way in which software developers make cyber security decisions during the creation of new products. It responds to the increasing diversity of developers in the digital economy and to the fact that little is currently understood about the security behaviours and decision-making processes of 'the masses' engaged in software development.
The project, which runs until March 2020, draws on a research team of experts in cyber security, software engineering and psychology. The aim is to conduct empirically grounded research to better understand the security implications of Johnny's behaviours and practices, and to develop effective support for secure software development.
The OU team includes Professors of Computing Bashar Nuseibeh and Marian Petre, and Research Fellow Dr Thein Tun, all at the Faculty of Science, Technology, Engineering and Mathematics.
Professor Nuseibeh said: “Our role in the project at the OU is to explore software development of secure systems, informed by empirical studies of human behaviour. These are areas in which we are recognised as internationally leading. Projects such as “Johnny” enhance our growing portfolio of cyber security research within the OU’s Software Engineering & Design (SEAD) Research Group.”
Project partners are: Lancaster University, University of Exeter, Google, the National Institute of Informatics, Japan, Lero – The Irish Software Research Centre, and Technical University Darmstadt.