File:Investigating software security practices-2014-12-17-OWASP-BE.pdf

Investigating software security practices (by Koen Yskout and Laurens Sion, iMinds-DistriNet)

Security must be considered throughout the whole software development cycle, including early phases such as requirements elicitation and software design. While this is a widely accepted statement, it is not evident how to achieve this in practice. Although some academic proposals along this line exist, they are not used in industry. As academics, before making any new proposals, we want to perform a survey in order to understand to what degree security and privacy are currently present in the requirements elicitation and architecture and design activities of organizations, how they are incorporated in practice, and what the benefits and limitations of the existing approaches are. In this short talk, we will explore why such a study is needed, what our goal is, and why you should participate.