Awareness of Secure Coding Guidelines in the Industry -- A first data analysis
This study addresses the problem of understanding and improving secure coding practices for industrial software engineers, particularly in critical infrastructure contexts, by assessing current awareness and support.
This study investigates the awareness of secure coding guidelines, developer skills in identifying and avoiding code weaknesses, and organizational support for guideline adherence within industrial software engineering. It presents the design of an online survey questionnaire and initial data analysis from a pilot study.
Software needs to be secure, in particular, when deployed to critical infrastructures. Secure coding guidelines capture practices in industrial software engineering to ensure the security of code. This study aims to assess the level of awareness of secure coding in industrial software engineering, the skills of software developers to spot weaknesses in software code, avoid them, and the organizational support to adhere to coding guidelines. The approach draws on well-established theories of policy compliance, neutralization theory, and security-related stress and the authors' many years of experience in industrial software engineering and on lessons identified from training secure coding in the industry. The paper presents the questionnaire design for the online survey and the first analysis of data from the pilot study.