Cyber security centre to research 'developer-friendly' approaches

Written by Rebecca Hill on 13 December 2016 in News

The National Cyber Security Centre is concerned that conversations about cyber security are being left out of the development process

Developers are avoiding discussions on cyber security risks because they are too hard, too slow and too expensive, according to the National Cyber Security Centre.

A blog post on the centre’s website sets out the centre’s plans to work with the Research Institute for the Science of Cyber Security (RISCS) – which was formed as part of the UK’s cyber security strategy and involves four UK universities – to improve its understanding of developers and the development process.

It said that developers need to be supported to make better security decisions, and that in order to do so, security professionals needed to understand how developers work.


As a reminder of the competing demands developers are under, the post noted that they have to consider the requests of the chief executive, security practitioners, accountants, legal experts and safety consultants, as well as having to consider the needs of the end user.

In addition, it said, not all developers have domain expertise in cryptography, or the knowledge they need to navigate past all the potential security pitfalls in a range of tools.

They are also under pressure to get code into production on an almost continuous basis – it notes that, for example, Amazon released 50 million changes in 2014, equivalent to more than one a second.

All of this “causes headaches” for developers, it said. “Add to this a constantly adjusting threat landscape, and we’ve a situation where the conversations around security risk being left out because they are too hard, too slow and too expensive.”

In order to address this, the centre has said it plans to create a multidisciplinary community of academics, practitioners and government experts that will research the challenges faced by developers.

“Whilst stamping our feet and cursing developers might be cathartic, it clearly isn’t having much effect,” the post said.

“We need to invest time and effort into understanding developers and the development process, so that we can re-focus our efforts on creating developer-friendly approaches.

“We need to motivate and support these professionals to make better security decisions.”

The centre plans to issue a call to the community for research proposals that RISCS will fund over the next financial year to improve the situation. 



