Explore a comprehensive analysis of factors influencing secure code development in this 43-minute OWASP Foundation conference talk. Delve into software vulnerabilities, static application security testing tools, and human factors affecting code security. Examine research methods, including DARPA studies, and investigate the impact of team dynamics, developer experience, and work environments on code quality. Learn about the effects of circadian rhythms, unfocused contributions, and team size on security outcomes. Discover insights from other domains, such as fatigue and cultural influences, to gain a holistic understanding of secure coding practices and team performance.
Do Certain Types of Developers or Teams Write More Secure Code?
Overview
Syllabus
Introduction
Anita Damico
Outline
Software Vulnerability
How long does it take to discover software vulnerabilities
Static application security testing tools
Human factors
Software engineering
Research methods
DARPA
Retrospective
Timecards
Concurrent Analysis
The Question
Predictors
Dramatic Pause
Colocation vs Distributed Teams
Human Circadian Rhythm
Unfocused Contribution
Number Of Developers
The bystander effect
Not all research agrees
Developer experience
Minor contributors
Day job
Interactive churn
Lessons from other domains
Fatigue
Death
Culture
Conclusion
Taught by
OWASP Foundation
