Do Certain Types of Developers or Teams Write More Secure Code?

Explore the human factors influencing secure code development in this 35-minute LASCON conference talk. Delve into research findings on developer experience, team dynamics, and environmental characteristics affecting software security. Discover how disrupted attention, team size, co-location, communication, work hours, and code rewrites impact the introduction of security weaknesses. Learn about DoD-funded R&D conducted on open-source and proprietary software repositories, as well as academic research on software engineering practices. Gain insights into psychological and environmental factors, research methodologies, and lessons from non-software domains. Examine concepts like the bystander effect, interactive churn, and the "Dirty Dozen" of human factors. Understand the implications for quality versus security in software development and explore opportunities to participate in ongoing research on secure coding practices.

Introduction
About Cure Decisions
Outline
Why
Where
Human Factors
Psychological Human Factors
Environmental Human Factors
Research Methodology
Other Studies
DARPA
How we do that
Timecard information
Team Colocation
No Difference
Attention
Un unfocused contribution
Quality or security
Unfocused contribution
The bystander effect
The number doesnt matter
How many people
No correlation
Quality vs security
Developer experience
Commit data
Developers experience
Microsoft study
Linux study
How developers interact
Interactive churn
Sequence of interactions
Lessons from nonsoftware domains
The Dirty Dozen
Fatigue Vigilance
Workload Limits
Experience Qualifications
Professional Engineer
Culture