Developing software is no longer the domain of the select few with deep technical skills, training and knowledge. A wide range of people from diverse backgrounds are developing software for smartphones, websites and IoT devices used by millions of people. Johnny is our pseudonym for such a developer. Currently, little is understood about the security behaviours and decision-making processes of Johnny engaging in software development.
The overall aim of this EPSRC-funded project is to develop an empirically-grounded theory of secure software development by the masses. Our focus is on understanding:
a. What typical classes of security vulnerabilities arise from Johnny's mistakes,
b. Why these mistakes occur, and
c. How we may mitigate these issues and promote secure behaviours.