Riding the Wave: Using the New Interest in Software Security to Engage and Learn with Industry

Charles Weir
Lancaster University

Tuesday 16 April 2019
14:30 - 15:30
Room 1.70
Earl Mountbatten Building

Abstract

GDPR, Facebook, T-Mobile, Heartbleed, WannaCry, E-Payment Fraud, £650 million bank robbery: public and business appreciation of the dangers of ‘cyber’ security and privacy issues have increased massively in the last few years. Changes in technology have made perimeter security insufficient; developers and product management must now be involved, requiring skills and knowledge not traditionally taught to cyber security experts. This creates opportunities for research organisations to contribute significantly to solutions; and a large demand from industry for anything that can help. But how can we as researchers ride this wave of demand?

Charles’ talk will provide a basis to consider this question. He’ll introduce the Magid project at Lancaster University: the building and testing of an intervention package to help development teams improve security. He’ll discuss three powerful research techniques not usual in software research; how they recruited a dozen different industry teams to trial the techniques; and some of the results they found.

Bio

Charles Weir is a Researcher at Security Lancaster, within Lancaster University, UK. He is passionate about improving the security skills of teams of professional software developers, and has contributed to a dozen peer-reviewed publications in the three years since he started academic research. Previously he set up the mobile application development company, Penrillian, and ran it successfully for 15 years, employing up to thirty people and with a total turnover well over £20M. Charles also helped introduce object-oriented and agile methods to the UK, and was technical lead for the world’s first smartphone.

Host: Manuel Maarek