Putting the sec in DevSecOps: using social practice theory to improve secure software development

Debi Ashenden, Gail Ollis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution



Practices such as open source development, agile, DevOps and DevSecOps mean that cyber security professionals need to find ways to blend cyber security with software development practices. One way of approaching this is as an awareness, education and training problem and many organisations are focusing on training software developers in cyber security. In this paper, however, we make the case for looking more broadly at group rather than individual behaviours, by examining the social practices of software developers. Changing software development practices are shaping the lived experience of software developers and we argue that understanding these practices will enable us to improve secure software development. We use social practice theory as a framework to develop recommendations for aligning and blending cyber security and software development. To achieve this, we carried out a rapid review of research on software development practices and supplemented this with data from ten key informant interviews to ascertain what we need to consider when developing an intervention for secure software development. Finally, we outline how our research could be used to develop a workshop that would facilitate the co-creation of security practices for software development. We conclude with suggestions for future research.

Original language: English
Title of host publication: New Security Paradigms Workshop, NSPW 2020 - Post-Proceedings
Publisher: Association for Computing Machinery (ACM)
Number of pages: 11
ISBN (Electronic): 9781450389952
Publication status: Published - 26 Oct 2020
Event: 2020 New Security Paradigms Workshop - Online, United States
Duration: 26 Oct 2020 → 29 Oct 2020

Publication series

Name: ACM International Conference Proceeding Series


Workshop: 2020 New Security Paradigms Workshop
Abbreviated title: NSPW 2020
Country/Territory: United States


  • Cyber Security
  • DevSecOps
  • Secure Software Development
  • Social Practice Theory
  • noissn
  • RCUK
  • ESRC
  • ES/N009614/1
  • EP/P01166711

