Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Security-Focused Prototyping: A Natural Precursor to Secure Development

Version 1 : Received: 15 March 2021 / Approved: 16 March 2021 / Online: 16 March 2021 (09:24:24 CET)

How to cite: Attwood, S.; Onumah, N.; Paxton-Fear, K.; Kharel, R. Security-Focused Prototyping: A Natural Precursor to Secure Development. Preprints 2021, 2021030406 (doi: 10.20944/preprints202103.0406.v1). Attwood, S.; Onumah, N.; Paxton-Fear, K.; Kharel, R. Security-Focused Prototyping: A Natural Precursor to Secure Development. Preprints 2021, 2021030406 (doi: 10.20944/preprints202103.0406.v1).

Abstract

Secure development is a proactive approach to cyber security. Rather than building a technological solution and then securing it in retrospect, secure development strives to embed good security practices throughout the development process and thereby reduces risk. Unfortunately, evidence suggests secure development is complex, costly, and limited in practice. This article therefore introduces security-focused prototyping as a natural precursor to secure development that embeds security at the beginning of the development process, can be used to discover domain specific security requirements, and can help organisations navigate the complexity of secure development such that the resources and commitment it requires are better understood. Two case studies–one considering the creation of a bespoke web platform and the other considering the application layer of an Internet of Things system–verify the potential of the approach and its ability to discover domain specific security requirements in particular. Future work could build on this work by conducting case studies to further verify the potential of security-focused prototyping and even investigate its capacity to be used as a tool capable of reducing a broader, socio-technical, kind of risk.

Subject Areas

cyber security; secure development; prototyping; web security; internet of things; software security; digitalization; socio-technical security

Comments (0)

We encourage comments and feedback from a broad range of readers. See criteria for comments and our diversity statement.

Leave a public comment
Send a private comment to the author(s)
Views 0
Downloads 0
Comments 0
Metrics 0


×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.
We use cookies on our website to ensure you get the best experience.
Read more about our cookies here.