Top

Published in:

2024 | OriginalPaper | Chapter

Facilitating Security Champions in Software Projects - An Experience Report from Visma

Authors : Anh Nguyen-Duc, Daniela Soares Cruzes, Hege Aalvik, Monica Iovan

Published in: Product-Focused Software Process Improvement

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The role of security practices is increasingly recognized in fast-paced software development paradigms in contributing to overall software security. Security champions have emerged as a promising role in addressing the shortage of explicit security activities within software teams. Despite the growing awareness of general security practices, there remains limited knowledge regarding security champions, including their establishment, effectiveness, challenges, and best practices. This paper aims to bridge this gap by presenting insights from a survey of 73 security champions and 11 interviews conducted within a large Norwegian software house. Through this study, we explore the diverse activities undertaken by security champions, highlighting notable differences in motivations and task descriptions between voluntary and assigned champions. We also reported challenges with onboarding, communication, and training security champions and how they can be better supported in the organization. Our insight can be relevant for similar software houses in establishing, implementing, and improving their strategic security programs.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter To Memorize or to Document: A Survey of Developers’ Views on Knowledge Availability

next chapter Benefits and Challenges of an Internal Corporate Accelerator in a Software Company: An Action-Research Study

Coverity scan - static analysis. https://scan.coverity.com

Hack the box. https://www.hackthebox.com

Innovation. https://www.oxfordlearnersdictionaries.com/definition/american_english/innovation

MAXQDA. https://www.maxqda.com

OWASP top ten. https://owasp.org/www-project-top-ten/

Pluralsight. https://www.pluralsight.com

Secure code warrior. https://www.securecodewarrior.com

TryHackMe. https://tryhackme.com

VASP VCDM. https://www.visma.com/trust-centre/security/vasp-vcdm/

10.

Who we are. https://www.visma.com/organisation/

11.

Aalvik, H., Nguyen-Duc, A., Cruzes, D.S., Iovan, M.: Establishing a security champion in agile software teams: a systematic literature review. In: Arai, K. (eds.) Advances in Information and Communication. FICC 2023. LNNS, vol. 652. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-28073-3_53

12.

Alshaikh, M.: Developing cybersecurity culture to influence employee behavior: a practice perspective. Comput. Secur. 98, 102003 (2020)CrossRef

13.

Alshaikh, M., Adamson, B.: From awareness to influence: toward a model for improving employees’ security behaviour. Pers. Ubiquit. Comput. 25(5), 829–841 (2021)CrossRef

14.

Gabriel, T., Furnell, S.: Selecting security champions. Comput. Fraud Secur. 2011(8), 8–12 (2011)CrossRef

15.

Haney, J.M., Lutters, W.G.: The work of cybersecurity advocates. In: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems, pp. 1663–1670 (2017)

16.

Jaatun, M.G., Cruzes, D.S.: Care and feeding of your security champion. In: 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), pp. 1–7. IEEE (2021)

17.

Jenssen, J.I., Jørgensen, G.: How do corporate champions promote innovations? Int. J. Innov. Manag. 8(01), 63–86 (2004)CrossRef

18.

Likert, R.: A technique for the measurement of attitudes. Arch. Psychol. 22(140), 55 (1932)

19.

Morgan, G.: Riding the waves of change. Imaginization Inc. (2013)

20.

Oates, B.J., Griffiths, M., McLean, R.: Researching information systems and computing. Sage (2022)

21.

Runeson, P., Höst, M.: Guidelines for conducting and reporting case study research in software engineering. Empir. Softw. Eng. 14(2), 131–164 (2009)CrossRef

22.

Ryan, I., Roedig, U., Stol, K.J.: Understanding developer security archetypes. In: 2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS), pp. 37–40. IEEE (2021)

23.

Thomas, T.W., Tabassum, M., Chu, B., Lipford, H.: Security during application development: an application security expert perspective. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–12 (2018)

24.

Van de Ven, A.H.: Central problems in the management of innovation. Manage. Sci. 32(5), 590–607 (1986)

Title: Facilitating Security Champions in Software Projects - An Experience Report from Visma
Authors: Anh Nguyen-Duc
Daniela Soares Cruzes
Hege Aalvik
Monica Iovan
Publisher: Springer Nature Switzerland
Book: Product-Focused Software Process Improvement
Print ISBN: 978-3-031-49265-5

Electronic ISBN: 978-3-031-49266-2

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-49266-2_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner