Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Home
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Students and Grants
  • Program
    • At a Glance
    • Symposium Program
    • 2nd Workshop on Security Information Workers
    • Who Are You?! Adventures in Authentication
    • Workshop on Privacy Indicators
    • Workshop on Security Fatigue
    • Workshop on the Future of Privacy Notices and Indicators: Will Drones Deliver My Privacy Policy?
  • Activities
    • Poster Session
    • Birds-of-a-Feather Sessions
  • Sponsorship
  • Participate
    • Instructions for Authors and Speakers
    • Call for Nominations
    • Call for Papers
    • Call for Posters and Proposals
      • Call for Papers: 2nd Workshop on Security Information Workers
      • Call for Papers: Who are you?! Adventures in Authentication
      • Call for Papers: Workshop on Privacy Indicators
      • Call for Papers: Workshop on Security Fatigue
      • Workshop: Will Drones Deliver My Privacy Policy?
  • About
    • Organizers
    • Past Symposia

sponsors

Gold Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Media Sponsor
Media Sponsor
Industry Partner
  • Home
  • Attend
  • Program
  • Activities
  • Sponsorship
  • Participate
  • About

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team
Tweet

connect with us

Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team

Authors: 

Sven Türpe, Laura Kocksch, and Andreas Poller, Fraunhofer SIT

Abstract: 

Many software vendors conduct or commission penetration testing of their products. In a penetration test security experts identify entry points for attacks in a software product. The audits can be an eye-opener for development teams: they realize that security requires much more attention. However, it is unclear what lasting bene fits developers can reap from penetration tests. We report from a one-year study of a penetration test and its aftermath at a major software vendor, and ask how an agile development team managed to incorporate the test findings. Results suggest that penetration tests improve developers' security awareness, but long-lasting change of development practices is hampered if security is not properly reflected in the communicative and collaborative structures of the organization, e.g. by a dedicated stakeholder. Based on our findings we suggest improvements to current penetration test consultancies by addressing communication and organizational factors in software development.

Sven Türpe, Fraunhofer SIT

Laura Kocksch, Fraunhofer SIT

Andreas Poller, Fraunhofer SIT

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {197850,
author = {Sven Türpe and Laura Kocksch and Andreas Poller},
title = {Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development {Team}},
booktitle = {Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)},
year = {2016},
address = {Denver, CO},
url = {https://www.usenix.org/conference/soups2016/workshop-program/wsiw16/presentation/turpe},
publisher = {USENIX Association},
month = jun,
}
Download
Türpe PDF
  • Log in or    Register to post comments

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Media Sponsors & Industry Partners

© USENIX

  • Privacy Policy
  • Contact Us