Isabella Holloway
March 30, 2025
Article Review #2: The Role of Knowledge and Motivation in Strengthening Software Security

Introduction
This article review looks at “Software Security in Practice: Knowledge and Motivation” by Hala Assal,
Srivathsan G Morkonda, Muhammad Zaid Arif, and Sonia Chiasson. The study was published in the
International Journal of Cybersecurity and focuses on the interlaced roles of developers’ security
knowledge and their motivation in executing secure coding practices.

Principles of Social Science Relation
The study relates to social science principles by studying human behavior, particularly how software
developers’ motivation and knowledge impact their security practices. It also evaluates organizational
behavior by analyzing how workplace environments and cultural factors affect developers’ interactions
with security protocols. Lastly, it considers how knowledge acquisition impacts professional conduct
within societal structures.

Hypotheses and Research Questions
How do developers gain security knowledge? Developers usually gain security knowledge by learning
from peers, trial and error, and self-teaching. Developers mainly rely on online resources and on-the-job
experience because of the lack of formal education in secure coding. Peer mentorship is useful but
not always available.
What motivates them to follow secure development practices? Personal interest and a sense of
responsibility lead to better adoption of secure practices than motivation based on fear, rules,
or external pressure.

Methods of Research
The study used a qualitative research design built on 17 semi-structured interviews with software
developers. The researchers used thematic analysis to identify patterns in how developers learn, what
drives their behavior, and how their work environments impact security practices.

Data and Analysis
Developers typically lack formal training and instead rely on informal learning methods. A majority of
developers are motivated when they feel responsible for protecting users, while others feel disconnected
from security outcomes. Supportive organizational culture particularly impacted how much attention
developers gave to secure coding.

Class Concepts Connection
The article ties in class concepts like intrinsic vs. extrinsic motivation, informal learning, and how
institutions shape behavior. It also reflects discussions on workplace norms and organizational
responsibility.

Marginalized Groups and Social Implications
Access to security training and mentorship is not always equal. Developers from underrepresented
backgrounds, such as women or those without a formal computer science degree, may encounter fewer
opportunities to connect with experienced mentors or to learn secure coding practices. Workplace
culture can also make it harder for marginalized individuals to voice security concerns or
suggestions for improvement.

Societal Contributions
This study helps us understand that keeping software secure isn’t just about knowing the right coding
techniques. It’s also about how people think and work. It shows that when developers feel motivated
and supported, they’re more likely to care about writing secure code. It also encourages companies to
not only teach security but also build a work environment where developers want to follow secure practices.

Conclusion
The “Software Security in Practice: Knowledge and Motivation” article shows that software security isn’t
just a technical problem, but a human one. Developers need more than knowledge; they need
supportive environments and meaningful motivation. Organizations that recognize this can better
protect their users and strengthen cybersecurity overall.

References
Assal, H., Morkonda, S. G., Arif, M. Z., & Chiasson, S. (2025). Software security in practice: Knowledge and
motivation. Journal of Cybersecurity. https://doi.org/10.1093/cybsec/tyaf005