PROFES 2023
Sun 10 - Wed 13 December 2023 Dornbirn, Austria
Tue 12 Dec 2023 11:30 - 11:40 at W211 - Software Development and Project Management Chair(s): Davide Taibi

The role of security practices is increasingly recognized in fast-paced software development paradigms in contributing to overall software security. Security champions have emerged as a promising role in addressing the dearth of explicit security activities within software teams. Despite the growing awareness of general security practices, there remains limited knowledge regarding security champions, including their establishment, effectiveness, challenges, and best practices.

This paper aims to bridge this gap by presenting insights from a survey of 73 security champions and 11 interviews conducted within a large Norwegian software house. Through this study, we explore the diverse activities undertaken by security champions, highlighting notable differences in motivations and task descriptions between voluntary and assigned champions.

We also report challenges with onboarding, communication, and training security champions and how they can be better supported in the organization. Our insights can be relevant for similar software houses in establishing, implementing, and improving their strategic security programs.

Tue 12 Dec

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

11:00 - 12:30
Software Development and Project Management
Organization / Short Papers and Posters / Industry Papers / Research Papers at W211
Chair(s): Davide Taibi University of Oulu and Tampere University
11:00
10m
Research paper
Virtual Reality Collaboration Platform for Agile Software Development
Research Papers
Enes Yigitbas Paderborn University, Iwo Witalinski Paderborn University, Sebastian Gottschalk Paderborn University, Gregor Engels Paderborn University
11:10
10m
Research paper
Effects of Ways of Working on Changes to Understanding of Benefits – Comparing Projects and Continuous Product Development
Research Papers
Sinan Tanilkan Norwegian Computing Center, Jo Hannay Simula Research Laboratory
11:20
10m
Research paper
To Memorize or to Document: A Survey of Developers’ Views on Knowledge Availability
Research Papers
Jacob Krüger Eindhoven University of Technology, Regina Hebig University of Rostock
11:30
10m
Industry talk
Facilitating Security Champions in software projects - an experience report from Visma
Industry Papers
Anh Nguyen Duc University College of Southeast Norway, Daniela Cruzes Norwegian University of Science and Technology, Hege Aalvik Norwegian University of Science and Technology, Monica Iovan Visma
11:40
10m
Research paper
Benefits and Challenges of an Internal Corporate Accelerator in a Software Company: An Action-Research Study
Research Papers
Vanessa Lopes Abreu Universidade Federal do Pará, Anderson Jorge Serra Costa Universidade Federal do Pará, André Luiz Coelho Pinheiro Universidade Federal do Pará, Cleidson de Souza Vale Institute of Technology and Federal University of Pará Belém
11:50
10m
Short-paper
A Process for Scenario Prioritization and Selection in Simulation-Based Safety Testing of Automated Driving Systems
Short Papers and Posters
Fauzia Khan University of Tartu, Hina Anwar University of Tartu, Dietmar Pfahl University of Tartu
12:00
10m
Research paper
The Journey to Serverless Migration: An Empirical Analysis of Intentions, Strategies, and Challenges
Research Papers
Muhammad Hamza Lappeenranta-Lahti University of Technology (LUT), Muhammad Azeem Akbar LUT University, Kari Smolander LUT University
12:10
10m
Research paper
On the Role of Font Formats in Building Efficient Web Applications
Research Papers
Benedikt Dornauer University of Innsbruck; University of Cologne, Wolfgang Vigl University of Innsbruck, Michael Felderer German Aerospace Center (DLR) & University of Cologne
12:20
10m
Research paper
Web Image Formats: Assessment of Their Real-World-Usage and Performance across Popular Web Browsers
Research Papers
Benedikt Dornauer University of Innsbruck; University of Cologne, Michael Felderer German Aerospace Center (DLR) & University of Cologne