Research and publications

Here we share our project research and publications with the wider cyber security community.

Follow the links to download particular items.

January 12, 2024

Stakeholder meeting report on Security-by-Design

Our second stakeholder meeting in November 2023 brought together software developers from larger companies and from SMEs. Through a series of workshop exercises, we discussed with them what security by design means for them and for the organisations they work for.

This report offers an anonymized overview of these discussions, of how software developers' thinking about what security is can be expanded, and of what is lacking in the current approach to security by design.

January 12, 2024

Article in Computer Law and Security Review

Authors Cristina Del Real, Els De Busser and Bibi van den Berg published their systematic literature review on the definition of security by design and how it compares to privacy by design. In the peer-reviewed article we discuss how existing research from different disciplines looks at security by design and privacy by design and why this leads to divergences and convergences. Our main conclusion is that the definition of security by design is unclear, causing software developers to fill in the concept themselves. Privacy by design has a clearer definition that was endorsed by one author who also gave it more specific guardrails.

The article is published in Computer Law and Security Review and freely accessible via the link below.

January 12, 2024

From compliance to security article

C-SIDe project team member Jasmijn Boeken published an opinion piece on how compliance differs from security. She makes an argument for moving from compliance to real security by implementing a care-based stakeholder approach in cyber security for companies. This will assist companies in ethical decision-making and taking responsibility.

November 29, 2022

Secure Software Methodologies paper

Project team members Arina Kudriavtseva and Olga Gadyatskaya published their research titled Secure Software Development Methodologies: A Multivocal Literature Review. Analyzing 28 secure software methodologies from industry, government and academia, they drew conclusions on what the security practices are. A particular focus of the research is on auxiliary or non-technical practices, including organizational, behavioral, legal, policy and governance aspects, that are incorporated into the methodologies.

May 11, 2022

Project Protocols

Cristina Del-Real, Els De Busser and Bibi van den Berg of the Project C-SIDE team have registered their protocol for a systematic review on security by design and related concepts. This interdisciplinary and integrative review of security by design will provide essential input for the conceptual framework of the C-SIDE methodology.

Our protocol is freely available to download. Follow the link below.