Litcius/Paper detail

Building and Validating a Scale for Secure Software Development Self-Efficacy

Daniel Votipka, Desiree Abrokwa, Michelle L. Mazurek

202033 citationsDOI

Abstract

Security is an essential component of the software development lifecycle. Researchers and practitioners have developed educational interventions, guidelines, security analysis tools, and new APIs aimed at improving security. However, measuring any resulting improvement in secure development skill is challenging. As a proxy for skill, we propose to measure self-efficacy, which has been shown to correlate with skill in other contexts. Here, we present a validated scale measuring secure software-development self-efficacy (SSD-SES). We first reviewed popular secure-development frameworks and surveyed 22 secure-development experts to identify 58 unique tasks. Next, we asked 311 developers - over multiple rounds - to rate their skill at each task. We iteratively updated our questions to ensure they were easily understandable, showed adequate variance between participants, and demonstrated reliability. Our final 15-item scale contains two sub-scales measuring belief in ability to perform vulnerability identification and mitigation as well as security communications tasks.

Topics & Concepts

Computer scienceVulnerability (computing)Scale (ratio)Task (project management)Proxy (statistics)Development testingSoftware security assuranceReliability (semiconductor)SoftwareSoftware developmentSecure codingIdentification (biology)Software engineeringSoftware development processComputer securityInformation securityMachine learningEngineeringSystems engineeringSecurity servicePhysicsQuantum mechanicsBotanyProgramming languagePower (physics)BiologySoftware Engineering ResearchInformation and Cyber SecuritySoftware Engineering Techniques and Practices
Building and Validating a Scale for Secure Software Development Self-Efficacy | Litcius