When writing software code, developers typically prioritise functionality over security, either consciously or unconsciously through biases and heuristics. This is often attributed to tangible pressures such as client requirements, but little is understood about the psychological dimensions affecting security behaviours. There is an increasing demand for understanding how psychological skills affect secure software development and to understand how these skills themselves are developed during the learning process. This doctoral research explores this research space, with aims to identify important workplace-based skills for software developers; to identify and empirically investigate the soft skills behind these workplace skills in order to understand how soft skills can influence security behaviours; and, to identify ways to introduce and teach soft skills to computer science students to prepare the future generation of software developers. The motivations behind this research are presented alongside the work plan. Three distinct phases are introduced, along with planned analyses. Phase one is currently in the data collection stage, with the second phase in planning. Prior relevant work is highlighted, and the paper concludes with a presentation of preliminary results and the planned next steps.
翻译:在撰写软件代码时,开发商通常通过偏见和累赘症,有意识地或无意识地优先考虑安全方面的功能,这往往归因于客户要求等实际压力,但很少了解影响安全行为的心理层面。人们日益需要了解心理技能如何影响安全的软件开发,并了解在学习过程中这些技能本身是如何发展的。博士研究探索了这一研究空间,目的是为软件开发商确定重要的工作场所技能;查明并实证地调查这些工作场所技能背后的软技能,以便了解软技能如何影响安全行为;以及确定如何向计算机科学学生引进和教授软技能,以培养未来一代软件开发者。在工作计划中介绍了这一研究背后的动机。除了计划的分析外,还引入了三个不同的阶段。第一阶段目前处于数据收集阶段,第二阶段正在规划中。重点突出了先前的相关工作,最后介绍了初步结果和计划下一步步骤。