Developers Want Security Tools—But Won't Actually Use Them
A new study finds that despite strong interest from software developers, adoption of automated security practices remains stubbornly low. The research reveals a critical gap between intention and action that could undermine corporate supply chain resilience and leave enterprises vulnerable to breaches.
Originaltitel: Secure Software Engineering Through Sensible AutoMation (SESAM)
<p>Background: Security is incorporated late in the Software Development Life Cycle (SDLC), whereas early activities supporting developers in understanding and implementing security measures are difficult to integrate.</p><p>Aims: The project focuses on empowering developers with tools and practices to seamlessly integrate security and understand the role automation plays in it.</p><p>Method: During the project, we perform several industrial empirical studies, qualitative and quantitative, under the Design Science Research paradigm.</p><p>Results: Our studies supporting developers to secure their software supply chain show a positive stance despite low adoption of artifacts such as SBOM and VEX. Other efforts, embedding security in GUIbased testing, are showing promising results.</p><p>Conclusion: The project covers a broad spectrum of development activities that can be enhanced from a security perspective. Initial results show that despite developers' interest, adoption is limited. </p>