The pipeline for secure software development is leaky, and whilst identifying the holes and mopping up the damage is an activity that an organisation needs to engage with, there’s still plenty more to do to support developers to navigate cyber security and write better code. This talk will explore the sociotechnical aspects of secure software development and risk management.

In March 2017, the NCSC (through the Research Institute for the Science of Cyber Security) and EPSRC (through their ‘Human Dimensions’ call) commissioned research to better understand the behaviours and motivations of developers and the challenges they face when incorporating cyber security. The ‘developer-centred security’ research portfolio now stands at 9+ projects backed by £3m of funding over three years. This talk will discuss the outcomes and findings so far about what the problem space looks like and how best to support and enable developers to design, build and sustain secure software.