Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Adoption Theory of Secure Software Development Tools PI: Emerson Murphy-Hill Students: Jim Shepherd and Shundan Xiao.

Published bySamuel Hoover Modified over 8 years ago

Similar presentations

Presentation on theme: "An Adoption Theory of Secure Software Development Tools PI: Emerson Murphy-Hill Students: Jim Shepherd and Shundan Xiao."— Presentation transcript:

1 An Adoption Theory of Secure Software Development Tools PI: Emerson Murphy-Hill Students: Jim Shepherd and Shundan Xiao

2 Context The National Security Agency is sponsoring a large-scale “Science of Security” project to make fundamental advances in security. Three sites: Carnegie Mellon University of Illinois, Urbana-Champaign North Carolina State

3 Background: Secure Software Tools To secure our complex systems, we must secure their software Software developers are the lynchpin of software security Developers can use practices and tools to build secure software Tools include static analysis tools, model checkers, and automated penetration testing tools But developers generally use very few of the tools available to them. Why?

4 Background: Adoption Theory Why new ideas are adopted (or not) has been extensively studied in diffusion of innovations, an interdisciplinary study. Used in: – Agricultural innovations – Social programs – New technologies – A little in software development Identifies the factors that lead to adoption and effective sustained use Everett Rogers. Diffusion of Innovations. 2003.

5 Approach Identify the factors that lead to security tool adoption (and non-adoption) Step 1: Qualitatively identify factors Factors will help us make better tools, make smarter adoption decisions, and educate students

6 Method 43 Interviews with Software Developers Interviews semi-structured, some role-specific questions asked $50 gift card for participating

7 High Level Findings Relative advantage Compatibility Complexity Trialability Re-invention Characteristics of the innovation (security tools) Experience Inquisitiveness Company policy & standards Company culture Company domain & security concern Company structure Company training Social system factors Frequency of interaction Trust Characteristics of potential adopters (developers) Communication channels Company size Probability of adoption

8 Some Highlights Use of security tools may be low because it’s a preventative innovation: big distance between tools and their effects Far and away, developers are learning about security tools from their peers Developers may consider holistic cost of a tool, not just up front cost, but opportunity cost when sorting through false positives

9 More Highlights Company approval process effectively reduces trialability Tool integration into build system short- circuited many challenges of adoption Many developers felt they could rely on others to ensure security

10 Next Steps Year 2: Quantify – Distribute survey to people who have used tools – Distribute survey to wider developers, with vignettes Year 3: Predict and Refine – A-B testing case studies Year 4: Operationalize and Influence – Work with Industrial Extension Service to put theory to practice

11 Questions? Relative advantage Compatibility Complexity Trialability Re-invention Characteristics of the innovation (security tools) Experience Inquisitiveness Company policy & standards Company culture Company domain & security concern Company structure Company training Social system factors Frequency of interaction Trust Characteristics of potential adopters (developers) Communication channels Company size Probability of adoption

Download ppt "An Adoption Theory of Secure Software Development Tools PI: Emerson Murphy-Hill Students: Jim Shepherd and Shundan Xiao."

Similar presentations

The Evaluation of Illinois State Board of Educations Regional System of Support Providers (RESPROs) May 2009.

The Evaluation of Illinois State Board of Educations Regional System of Support Providers (RESPROs) May 2009.
Lesson 1: Introduction to IT Business and Careers

Lesson 1: Introduction to IT Business and Careers
Chapter 11Kotabe & Helsen's Global Marketing Management, Third Edition, 2004 1 Global Marketing Management Masaaki Kotabe & Kristiaan Helsen Third Edition.

Chapter 11Kotabe & Helsen's Global Marketing Management, Third Edition, Global Marketing Management Masaaki Kotabe & Kristiaan Helsen Third Edition.
What is Diffusion? The process of communicating innovation through certain channels over time through members of a social system.

What is Diffusion? The process of communicating innovation through certain channels over time through members of a social system.
1 IAC Emerging Technologies SIG: SOA Committee SOA Survey Results Steve Olding, Everware-CBDI John A. Smith, Ventera Corporation Fourth Service Oriented.

1 IAC Emerging Technologies SIG: SOA Committee SOA Survey Results Steve Olding, Everware-CBDI John A. Smith, Ventera Corporation Fourth Service Oriented.
Peer Interaction Effectively, yet Infrequently, Enables Programmers to Discover New Tools Emerson Murphy-Hill North Carolina State University Gail Murphy.

Peer Interaction Effectively, yet Infrequently, Enables Programmers to Discover New Tools Emerson Murphy-Hill North Carolina State University Gail Murphy.
1 Suzanne Lockhart M.A. Criminology thesis University of Melbourne, 2005 Current: PhD candidate University of S.A Identity Fraud – Displacement effects.

1 Suzanne Lockhart M.A. Criminology thesis University of Melbourne, 2005 Current: PhD candidate University of S.A Identity Fraud – Displacement effects.
Why don’t innovation models help with informatics implementations? Rod Ward University of the West of England Medinfo 2010.

Why don’t innovation models help with informatics implementations? Rod Ward University of the West of England Medinfo 2010.
Attributes of Innovations How the properties of an innovation affect their rate of adoption.

Attributes of Innovations How the properties of an innovation affect their rate of adoption.
Western Regional Biomedical Collaboratory Creating a culture for collaboration.

Western Regional Biomedical Collaboratory Creating a culture for collaboration.
Chapter 11 Training for Organizations The Trainer as Change Agent.

Chapter 11 Training for Organizations The Trainer as Change Agent.
Diffusion of Innovation Everett M. Rogers, 1995 (4 th edition) Diffusion is the process by which (1) an innovation (2) is communicated through certain.

Diffusion of Innovation Everett M. Rogers, 1995 (4 th edition) Diffusion is the process by which (1) an innovation (2) is communicated through certain.
MIS 648 Lecture 131 MIS 648 Presentation Notes: Lecture 13 Managing IT Offshoring: Is it a good thing?

MIS 648 Lecture 131 MIS 648 Presentation Notes: Lecture 13 Managing IT Offshoring: Is it a good thing?
SCHOOL OF INFORMATION UNIVERSITY OF MICHIGAN Cross Cutting Themes Jonathan Grudin John Walsh Deb Agarwal.

SCHOOL OF INFORMATION UNIVERSITY OF MICHIGAN Cross Cutting Themes Jonathan Grudin John Walsh Deb Agarwal.
Diffusion of Innovation How New Ideas, Practices, and Technologies Spread Content from

Diffusion of Innovation How New Ideas, Practices, and Technologies Spread Content from
DIFFUSION OF INNOVATIONS

DIFFUSION OF INNOVATIONS
Diffusion of Innovations Theory Tyra JanssonTyra Jansson H571 Principles of Health BehaviorH571 Principles of Health Behavior.

Diffusion of Innovations Theory Tyra JanssonTyra Jansson H571 Principles of Health BehaviorH571 Principles of Health Behavior.
Professor Sadie Creese Professor Koen Lamberts Nick Papanikolaou Research Fellow International Digital Laboratory University of Warwick

Professor Sadie Creese Professor Koen Lamberts Nick Papanikolaou Research Fellow International Digital Laboratory University of Warwick
Join Our Research Efforts in CCAA to Improve Cybersecurity Robustness, Resiliency and Management in Enterprises Information Slides to Encourage Your Organization.

Join Our Research Efforts in CCAA to Improve Cybersecurity Robustness, Resiliency and Management in Enterprises Information Slides to Encourage Your Organization.
Exploration into the barriers and obstacles constraining diffusion and adoption of renewable energy solutions Saskia Harkema and Mirjam Leloux Wittenborg.

Exploration into the barriers and obstacles constraining diffusion and adoption of renewable energy solutions Saskia Harkema and Mirjam Leloux Wittenborg.

Similar presentations

Ads by Google