ZENODO
Other literature type . 2025
License: CC BY
Data sources: ZENODO
ZENODO
Conference object . 2025
License: CC BY
Data sources: Datacite

Characterizing the Security Culture of the Research Software Engineering Community

Authors: Armstrong, Matthew; Carver, Jeffrey; Milewicz, Reed;

Abstract

The growing importance of research software heightens concerns about research software security, which will only intensify if not proactively addressed. Before any specific measures or interventions can be suggested, it is essential to understand the RSE community’s security behaviors, competencies, and values, collectively referred to as their ‘security culture’ [1]. While studying the climate and culture within a group of people is not a new concept or research topic, to our knowledge, no security culture research has taken place within the RSE community.

In this study, we aim to characterize the security culture of the RSE community by replicating a prior work performed in the open-source software space [3]. To broaden our sample, we distributed this survey to RSE community members in both the US and Germany. By replicating an existing survey, we can compare the RSE community’s responses with those of the open-source community, which shares some characteristics with RSE [4-5]. In addition to the original survey, we added a series of vignettes to gauge the RSE community’s knowledge and perception of threat modeling, a standard “shift-left” approach to security. By doing so, we gauge RSE interest in participating in security efforts and motivate future security research in the research software domain. Ultimately, we surveyed 104 members of the RSE community, including both those in the US and Germany.

To characterize RSE security culture, we ask the following research questions:

RQ1: What is the security culture of the RSE community?
RQ2: How does the RSE community’s security culture compare with the Open-Source Community’s security culture?
RQ3: What is the perception among RSE community members on adopting threat modeling during development?

The primary contributions of this study are: 1) A novel characterization of the RSE community’s security culture, 2) an empirical comparison of the security culture of RSEs and OSS developers, and 3) recommendations for internal and external stakeholders to improve RSE security culture. This study is a first step toward tailoring “shift-left” security principles to address the unique challenges that RSEs face.

Keywords

Cybersecurity, Research Software Engineer, Security Culture
