Facilitating Security Champions in software projects - an experience report from Visma (PROFES 2023 - Industry Papers ) - PROFES 2023

Sun 10 - Wed 13 December 2023 Dornbirn, Austria

Who

Anh Nguyen Duc, Daniela Cruzes, Hege Aalvik, Monica Iovan

Track

PROFES 2023 Industry Papers

Time Zone

The program is currently displayed in (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Tue 12 Dec 2023 11:30 - 11:40 at W211 - Software Development and Project Management Chair(s): Davide Taibi

Abstract

The role of security practices is increasingly recognized in fast-paced software development paradigms in contributing to overall software security. Security champions have emerged as a promising role in addressing the dearth of explicit security activities within software teams. Despite the growing awareness of general security practices, there remains limited knowledge regarding security champions, including their establishment, effectiveness, challenges, and best practices.

This paper aims to bridge this gap by presenting insights from a survey of 73 security champions and 11 interviews conducted within a large Norwegian software house. Through this study, we explore the diverse activities undertaken by security champions, highlighting notable differences in motivations and task descriptions between voluntary and assigned champions.

We also reported challenges with onboarding, communication, and training security champions and how they can be better supported in the organization. Our insight can be relevant for similar software houses in establishing, implementing, and improving their strategic security programs.

Anh Nguyen Duc

University College of Southeast Norway

Norway

Daniela Cruzes

Norwegian University of Science and Technology

Hege Aalvik

Norwegian University of Science and Technology

Norway

Monica Iovan

Visma

Romania

Time Zone

The program is currently displayed in (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Tue 12 Dec
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

	11:00 - 12:30	Software Development and Project ManagementResearch Papers / Organization / Short Papers and Posters / Industry Papers at W211 Chair(s): Davide Taibi University of Oulu and Tampere University

	11:00 10m Research paper		Virtual Reality Collaboration Platform for Agile Software Development Research Papers Enes Yigitbas Paderborn University, Iwo Witalinski Paderborn University, Sebastian Gottschalk Paderborn University, Gregor Engels Paderborn University
	11:10 10m Research paper		Effects of Ways of Working on Changes to Understanding of Benefits – Comparing Projects and Continuous Product Development Research Papers Sinan Tanilkan Norwegian Computing Center, Jo Hannay Simula Research Laboratory
	11:20 10m Research paper		To Memorize or to Document: A Survey of Developers’ Views on Knowledge Availability Research Papers Jacob Krüger Eindhoven University of Technology, Regina Hebig University of Rostock
	11:30 10m Industry talk		Facilitating Security Champions in software projects - an experience report from Visma Industry Papers Anh Nguyen Duc University College of Southeast Norway, Daniela Cruzes Norwegian University of Science and Technology , Hege Aalvik Norwegian University of Science and Technology, Monica Iovan Visma
	11:40 10m Research paper		Benefits and Challenges of an Internal Corporate Accelerator in a Software Company: An Action-Research Study Research Papers Vanessa Lopes Abreu Universidade Federal do Pará, Anderson Jorge Serra Costa Universidade Federal do Pará, André Luiz Coelho Pinheiro Universidade Federal do Pará, Cleidson de Souza Vale Institute of Technology and Federal University of Pará Belém
	11:50 10m Short-paper		A Process for Scenario Prioritization and Selection in Simulation-Based Safety Testing of Automated Driving Systems Short Papers and Posters Fauzia Khan University of Tartu, Hina Anwar University of Tartu, Dietmar Pfahl University of Tartu
	12:00 10m Research paper		The Journey to Serverless Migration: An Empirical Analysis of Intentions, Strategies, and Challenges Research Papers Muhammad Hamza Lappeenranta-Lahti University of Technology (LUT), Muhammad Azeem Akbar LUT University, Kari Smolander LUT University
	12:10 10m Research paper		On the Role of Font Formats in Building Efficient Web Applications Research Papers Benedikt Dornauer University of Innsbruck; University of Cologne, Wolfgang Vigl University of Innsbruck, Michael Felderer German Aerospace Center (DLR) & University of Cologne
	12:20 10m Research paper		Web Image Formats: Assessment of Their Real-World-Usage and Performance across Popular Web Browsers Research Papers Benedikt Dornauer University of Innsbruck; University of Cologne, Michael Felderer German Aerospace Center (DLR) & University of Cologne