128 research outputs found

    Infiltrating Security into Development: Exploring the World’s Largest Software Security Study

    Recent years have seen rapid increases in cybercrime. The use of effective software security activities plays an important part in preventing the harm involved. Objective research on industry use of software security practices is needed to help development teams, academic researchers, and educators to focus their activities. Since 2008, a team of researchers, including two of the authors, has been gathering objective data on the use of 121 software security activities. The Building Security In Maturity Model (BSIMM) study explores the activity use of 675,000 software developers, in companies including some of the world’s largest and most security-focused. Our analysis of the study data shows little consistent growth in security activity adoption industry-wide until 2015. Since then, the data shows a strong increasing trend, along with the adoption of new activities to support cloud-based deployment, an emphasis on component security, and a reduction in security professionals’ policing role. Exploring patterns of adoption, activities related to detecting and responding to vulnerabilities are adopted marginally earlier than activities related to preventing vulnerabilities; and activities related to particular job roles tend to be used together. We also found that 12 developer security activities are adopted early, together, and notably more often than any others. From these results, we offer recommendations for software and security engineers, and corresponding education and research suggestions for academia. These recommendations offer a strong contribution to improving security in development teams in the future

    Semantic discovery and reuse of business process patterns

    Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

    Regulatory limitations and global stakeholder mapping of carbon capture and storage technology – a legal and multi-level perspective analysis

    Carbon Capture and Sequestration Technology (CCS) is propounded as one of the key bridging technologies and temporary abatement measure in the battle against climate change. Not only is it based on well-established technology, used and improved upon for decades in the fossil fuels industry, but it also has the potential to remove vast quantities of CO2 from the atmosphere giving much needed alleviation away from climate tipping points. Despite these advantages, CCS has been slow to start and easy to stall, with financial risk and uncertainty, lack of regulatory cohesion and a disjointed policy mix all playing a part in impeding its commercialization. Systems Thinking and Transition Theory in particular have been widely adopted as methodologies which have the potential to elucidate the barriers to development in socio-technical systems of the likes of CCS. Using one such theory - Multi-Level Perspective Analysis - as an analytical framework, an in-depth investigation was performed of both the ‘Niche’ and ‘Regime’ of CCS. This was undertaken through a comprehensive legal and regulatory analysis and a global survey of 604 stakeholders involved in research and development throughout the technology chain. The combined examination of the legal and stakeholder system boundaries is used to set the ‘chessboard’ and ‘pieces’ upon which further analysis of the ‘combinations’ of moves open to CCS will be revealed. In essence, the regulatory and stakeholder configurations, which most lend themselves to CCS technology development, are explored and elucidated. This is done with the aim to address the knowledge gaps in the legal and regulatory requirements necessary for implementing CCS on a wider scale, as identified by the Intergovernmental Panel on Climate Change (IPCC, 2005).

    Value creation in technology-based firms : the role of bricolage, ecosystems and business models


    Empowering students to co-construct the PBL environment


    Eleventh International Conference on the Bearing Capacity of Roads, Railways and Airfields

    Innovations in Road, Railway and Airfield Bearing Capacity – Volume 2 comprises the second part of contributions to the 11th International Conference on Bearing Capacity of Roads, Railways and Airfields (2022). In anticipation of the event, it unveils state-of-the-art information and research on the latest policies, traffic loading measurements, in-situ measurements and condition surveys, functional testing, deflection measurement evaluation, structural performance prediction for pavements and tracks, new construction and rehabilitation design systems, frost affected areas, drainage and environmental effects, reinforcement, traditional and recycled materials, full scale testing and on case histories of road, railways and airfields. This edited work is intended for a global audience of road, railway and airfield engineers, researchers and consultants, as well as building and maintenance companies looking to further upgrade their practices in the field