Software developers’ secure coding needs in the financial sector : a case study

Software developers’ secure coding needs in the financial sector a case study

Tässä tutkimuksessa tarkastellaan ohjelmistokehittäjien tietoturvallisen koodaamisen osaamista ja koulutustarpeita. Tutkimuksen tavoitteena on selvittää ohjelmistokehittäjien koulutustaustaa, oman ammattiosaamisen kehittämiseen ja tietoturvallisen koodaamisen lisäkoulutukseen suhtautumista sekä heid...

Täydet tiedot

Bibliografiset tiedot
Päätekijä: Niinivirta, Nina
Muut tekijät: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Aineistotyyppi: Pro gradu
Kieli:eng
Julkaistu: 2023
Aiheet:
secure coding
workplace learning
Kyberturvallisuus
601
rahoitusala
tapaustutkimus
ohjelmistokehitys
kyberturvallisuus
koulutus
financial sector
case study
software development
cyber security
education and training
Linkit: https://jyx.jyu.fi/handle/123456789/88682
_version_ 1826225725785505792
author Niinivirta, Nina
author2 Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_facet Niinivirta, Nina Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä Niinivirta, Nina Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_sort Niinivirta, Nina
datasource_str_mv jyx
description Tässä tutkimuksessa tarkastellaan ohjelmistokehittäjien tietoturvallisen koodaamisen osaamista ja koulutustarpeita. Tutkimuksen tavoitteena on selvittää ohjelmistokehittäjien koulutustaustaa, oman ammattiosaamisen kehittämiseen ja tietoturvallisen koodaamisen lisäkoulutukseen suhtautumista sekä heidän koulutustarpeitaan. Tutkimus toteutettiin kvalitatiivisen teemahaastattelun muodossa asiakasyrityksessä. Haastatteluihin osallistui viisi ohjelmistokehittäjää asiakasyrityksestä. Kaikilla haastatteluihin henkilöille oli vankka osaaminen tietoturvaosaamisen osalta, joten osallistujien ei voida ajatella edustavan perusjoukkoa laaja-alaisesti. Haastattelut analysoitiin laadullisin menetelmin teemoittelun avulla. Tutkimukseen osallistuneet henkilöt ovat saaneet aiemmissa opinnoissaan hyvin suppean koulutuksen tai olemattoman tietoturvaan liittyvän koulutukseen ja ammattitaito on enimmäkseen hankittu työn ohella käytännössä. Tämän lisäksi myös formaali lisäkoulutus on ollut vähäistä. Ohjelmistokehittäjät suhtautuvat oman ammattiosaamisen kehittämiseen positiivisesti ja kaikilla tutkimukseen osallistuneilla henkilöillä on korkea sisäinen motivaatio, joka ohjaa heitä uusien tietoturva-asioiden oppimisen osalta. Haastateltavat suhtautuvat innokkaasti ja positiivisesti oman ammattitaitonsa kehittämiseen siitä huolimatta, että he eivät aina koe työpaikalla tapahtuvia koulutuksia kiinnostaviksi. Tutkimukseen osallistuvat henkilöt toimivat finanssialalla, joka on osa kriittistä infrastruktuuria. Heidän järjestelmänsä sisältävät salassa pidettävää tietoa, joten on tietoturvataidot ohjelmoinnin osalta ovat merkittävä osa ohjelmistokehittäjien työnkuvaa. Tutkimuksen pitemmän aikavälin tavoitteena on, että sen tuloksia voidaan käyttää ohjelmistokehittäjien tietoturvakoulutuksen ja koulutuspolun kehittämiseen. This thesis examines software developers’ secure coding trainings and training needs in a case organization. The objective of the research is to discover the software developers’ educational background related to secure software development and secure coding, their attitudes towards developing own expertise and workplace training, and their secure coding training needs. The research was conducted with qualitative research design in a case organization, and the desired strategy of inquiry was a case study. Four employees from the case organization were interviewed. They all have years of expertise in secure software development; therefore, the participants cannot be seen as representing the population in broad sense. The interviews were analyzed using qualitative methods dividing subjects into themes. The interviewees have received very limited coding training in their previous studies and so is their professional expertise gained mainly through in practice alongside. The skills development has mainly relied on every individual’s personal interest, as the organization has not consistently provided workplace trainings. Software developers have a positive attitude towards developing their own professional expertise, and all the participants have a high intrinsic motivation that guides them in learning new. Even though workplace trainings are generally viewed negatively, self-development is perceived important. The participants in the study operate in the financial sector, which can be seen as critical infrastructure. Their systems contain confidential information. As a result, security skills are a significant part of the job description of software developers. The longer-term goal of the study is that its results can be used to develop secure coding training program for software developers.
first_indexed 2023-08-25T20:00:29Z
format Pro gradu
fullrecord [{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Niinivirta, Nina", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2023-08-25T05:24:09Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2023-08-25T05:24:09Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2023", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/88682", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4ss\u00e4 tutkimuksessa tarkastellaan ohjelmistokehitt\u00e4jien tietoturvallisen koodaamisen osaamista ja koulutustarpeita. Tutkimuksen tavoitteena on selvitt\u00e4\u00e4 ohjelmistokehitt\u00e4jien koulutustaustaa, oman ammattiosaamisen kehitt\u00e4miseen ja tietoturvallisen koodaamisen lis\u00e4koulutukseen suhtautumista sek\u00e4 heid\u00e4n koulutustarpeitaan.\n\nTutkimus toteutettiin kvalitatiivisen teemahaastattelun muodossa asiakasyrityksess\u00e4. Haastatteluihin osallistui viisi ohjelmistokehitt\u00e4j\u00e4\u00e4 asiakasyrityksest\u00e4. Kaikilla haastatteluihin henkil\u00f6ille oli vankka osaaminen tietoturvaosaamisen osalta, joten osallistujien ei voida ajatella edustavan perusjoukkoa laaja-alaisesti. Haastattelut analysoitiin laadullisin menetelmin teemoittelun avulla.\n\nTutkimukseen osallistuneet henkil\u00f6t ovat saaneet aiemmissa opinnoissaan hyvin suppean koulutuksen tai olemattoman tietoturvaan liittyv\u00e4n koulutukseen ja ammattitaito on enimm\u00e4kseen hankittu ty\u00f6n ohella k\u00e4yt\u00e4nn\u00f6ss\u00e4. T\u00e4m\u00e4n lis\u00e4ksi my\u00f6s formaali lis\u00e4koulutus on ollut v\u00e4h\u00e4ist\u00e4.\n\nOhjelmistokehitt\u00e4j\u00e4t suhtautuvat oman ammattiosaamisen kehitt\u00e4miseen positiivisesti ja kaikilla tutkimukseen osallistuneilla henkil\u00f6ill\u00e4 on korkea sis\u00e4inen motivaatio, joka ohjaa heit\u00e4 uusien tietoturva-asioiden oppimisen osalta. Haastateltavat suhtautuvat innokkaasti ja positiivisesti oman ammattitaitonsa kehitt\u00e4miseen siit\u00e4 huolimatta, ett\u00e4 he eiv\u00e4t aina koe ty\u00f6paikalla tapahtuvia koulutuksia kiinnostaviksi.\n\nTutkimukseen osallistuvat henkil\u00f6t toimivat finanssialalla, joka on osa kriittist\u00e4 infrastruktuuria. Heid\u00e4n j\u00e4rjestelm\u00e4ns\u00e4 sis\u00e4lt\u00e4v\u00e4t salassa pidett\u00e4v\u00e4\u00e4 tietoa, joten on tietoturvataidot ohjelmoinnin osalta ovat merkitt\u00e4v\u00e4 osa ohjelmistokehitt\u00e4jien ty\u00f6nkuvaa. Tutkimuksen pitemm\u00e4n aikav\u00e4lin tavoitteena on, ett\u00e4 sen tuloksia voidaan k\u00e4ytt\u00e4\u00e4 ohjelmistokehitt\u00e4jien tietoturvakoulutuksen ja koulutuspolun kehitt\u00e4miseen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This thesis examines software developers\u2019 secure coding trainings and training needs in a case organization. The objective of the research is to discover the software developers\u2019 educational background related to secure software development and secure coding, their attitudes towards developing own expertise and workplace training, and their secure coding training needs.\n\nThe research was conducted with qualitative research design in a case organization, and the desired strategy of inquiry was a case study. Four employees from the case organization were interviewed. They all have years of expertise in secure software development; therefore, the participants cannot be seen as representing the population in broad sense. The interviews were analyzed using qualitative methods dividing subjects into themes.\n\nThe interviewees have received very limited coding training in their previous studies and so is their professional expertise gained mainly through in practice alongside. The skills development has mainly relied on every individual\u2019s personal interest, as the organization has not consistently provided workplace trainings. Software developers have a positive attitude towards developing their own professional expertise, and all the participants have a high intrinsic motivation that guides them in learning new. Even though workplace trainings are generally viewed negatively, self-development is perceived important.\n\nThe participants in the study operate in the financial sector, which can be seen as critical infrastructure. Their systems contain confidential information. As a result, security skills are a significant part of the job description of software developers. The longer-term goal of the study is that its results can be used to develop secure coding training program for software developers.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2023-08-25T05:24:09Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2023-08-25T05:24:09Z (GMT). No. of bitstreams: 0\n Previous issue date: 2023", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "68", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": null, "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "secure coding", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "workplace learning", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Software developers\u2019 secure coding needs in the financial sector : a case study", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202308254772", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.collaborator", "value": "business", "language": "", "element": "contractresearch", "qualifier": "collaborator", "schema": "yvv"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "yvv.contractresearch.initiative", "value": "business", "language": "", "element": "contractresearch", "qualifier": "initiative", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "rahoitusala", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tapaustutkimus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ohjelmistokehitys", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "koulutus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "financial sector", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "case study", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "software development", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "education and training", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyv\u00e4skyl\u00e4 University Library (https://kirjasto.jyu.fi/collections/archival-workstation).", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston arkistoty\u00f6semalta. Ks. https://kirjasto.jyu.fi/kokoelmat/arkistotyoasema..", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}]
id jyx.123456789_88682
language eng
last_indexed 2025-02-18T10:55:16Z
main_date 2023-01-01T00:00:00Z
main_date_str 2023
publishDate 2023
record_format qdc
source_str_mv jyx
spellingShingle Niinivirta, Nina Software developers’ secure coding needs in the financial sector : a case study secure coding workplace learning Kyberturvallisuus 601 rahoitusala tapaustutkimus ohjelmistokehitys kyberturvallisuus koulutus financial sector case study software development cyber security education and training
title Software developers’ secure coding needs in the financial sector : a case study
title_full Software developers’ secure coding needs in the financial sector : a case study
title_fullStr Software developers’ secure coding needs in the financial sector : a case study Software developers’ secure coding needs in the financial sector : a case study
title_full_unstemmed Software developers’ secure coding needs in the financial sector : a case study Software developers’ secure coding needs in the financial sector : a case study
title_short Software developers’ secure coding needs in the financial sector
title_sort software developers secure coding needs in the financial sector a case study
title_sub a case study
title_txtP Software developers’ secure coding needs in the financial sector : a case study
topic secure coding workplace learning Kyberturvallisuus 601 rahoitusala tapaustutkimus ohjelmistokehitys kyberturvallisuus koulutus financial sector case study software development cyber security education and training
topic_facet 601 Kyberturvallisuus case study cyber security education and training financial sector koulutus kyberturvallisuus ohjelmistokehitys rahoitusala secure coding software development tapaustutkimus workplace learning
url https://jyx.jyu.fi/handle/123456789/88682 http://www.urn.fi/URN:NBN:fi:jyu-202308254772
work_keys_str_mv AT niinivirtanina softwaredeveloperssecurecodingneedsinthefinancialsectoracasestudy

Samankaltaisia teoksia