From Thesis to Practice: Strengthening Software Security 

Written by Iiris Joutsi
Consultant

Our Security Consultant, Iiris Joutsi, explored developers’ understanding of secure software development in her master’s thesis. The thesis won the award for the best information security thesis of 2024. Dive into Iiris’ insights in this blog post!

I was finishing my master’s studies at Aalto University when I started working at Huld. I was majoring in Security and Cloud Computing and working with the same topics, so I was able to write my thesis at work. The title of my thesis was Developers’ understanding on secure software development. Writing my thesis at Huld was a very pleasant experience. I got all the tooling needed to conduct the study. I could spend one day a week fully focusing on my thesis. 

Secure Development Lifecycle (SDL) in focus 

My thesis described how training on the Secure Development Lifecycle (SDL) affects developers’ understanding of the principles of secure software. The role of software and software security today is unquestionable, and developers have an essential role in maintaining security. Software development includes various phases, from requirements formulation and design to implementation and testing and, finally, maintenance. SDL systematically integrates security into all these phases.

Key insights – The gap between responsibility and expertise 

One of the most significant findings in my thesis was that software developers take most of the responsibility for software security. However, they most commonly lack the security expertise and resources to handle it comprehensively. According to developers, a lot of other stakeholders in software development could also benefit from similar training.

The literature review is a synthesis of the software security best practices in each phase of the development process. Developers can use the synthesis as an introduction to software security. The thesis not only recognises an existing knowledge gap in the field but also proposes a solution to it. This is increasingly important now that the EU strives to improve the overall level of information security via legislation, such as NIS2 and CRA.

My thesis was selected by the Finnish Information Security Association (Tietoturva ry) as the best information security-related master’s thesis of 2024. The applications are evaluated based on their security content, novelty and practical applicability, the grade, and other content and scope of the work.


As we continue to navigate the complexities of secure software development, it is crucial to stay on top of potential threats and vulnerabilities. Our cybersecurity experts will help you secure your development practices, whether that be introducing SDL practices into software development or industrial processes. Our professionals are specialised in relevant cybersecurity standards, such as ISA/IEC 62443-4-1 Industrial Control System Cybersecurity.
