Motivating Jenny Developer Security Toolkit

Improving the security culture relies on sensitising developers to security. For code to be more secure, developers need to learn how to recognise that security is needed and to apply the knowledge they have from awareness and skills training within the specific situations.

The Motivating Jenny Project has designed four interventions and produced four supporting packs for practitioners to adopt and adapt these interventions for their own purposes and context. Each of these has been developed iteratively through interactions with practitioners.

• Security in the World: a card-based workshop to relate different views of real-world security incidents to participants’ own values and experiences using structured discussions of real-world incidents.

• Security in the Community: guidelines to help developers adapt their use of Stack Overflow and other online forums to achieve security.

• Security and Me: a questionnaire designed to identify different attitudes to software security, to form a basis of discussion and reflection.

• Security between Us: a modelling workshop to promote learning and discovery about a team’s own projects and the context within which security is embedded.