About Us

Developing software is no longer the domain of the select few with deep technical skills, training and knowledge. A wide range of people from diverse backgrounds are developing software for smart phones, websites and IoT devices used by millions of people. Johnny is our psuedonymous for such a developer. Currently, little is understood about the security behaviours and decision-making processes of Johnny engaging in software development.

The overall aim of this EPSRC-funded project is to develop an empirically-grounded theory of secure software development by the masses. Our focus is on understanding:

• what typical classes of security vulnerabilities arise from Johnny's mistakes (v),
• why these mistakes occur (b) and
• how we may mitigate these issues and promote secure behaviours (i).