Human factors that influence secure software development

Anita D’Amico, Code Dx CEO

Chris Horn, Senior Researcher

This briefing reviewed research results within an emerging area of application security research: the human factors that relate to secure code development. These findings were presented at RSA 2020.

    Why do some developers produce secure code, but others do not?

    What potentially configurable elements impact code quality and security?

    Software is written by people, and their actions and decisions ultimately affect the security of the code they produce. This presentation explores research conducted to find out what human factors affect the development of secure—or insecure—code.

    These factors are widely varied, and include elements such as team composition and size, environmental distractions, and “code churn.” This presentation details which researched human factors had the greatest impact. Knowing which factors are associated with code security will help AppSec analysts search for undiscovered vulnerabilities.

    Why does this research matter?

    Introduce fewer vulns

    By identifying which human factors increase the number and severity of vulnerabilities, you can adapt your environment to reduce or eliminate those factors.

    Save time and money

    It’s expensive and time-consuming to test, confirm, and remediate vulnerabilities, so the fewer you introduce, the less you strain your AppSec budget.

    Fix what matters

    Reducing the volume of vulnerabilities means your AppSec professionals will have more time and budget to focus on fixing the important issues first.