The rapid diffusion of software systems into all aspects of human life has exacerbated security threats and thus amplified the requirement for proactive approaches for designing security as a default. Following evidence from previous studies, indicating organizational climate as a key influencer on developers’ security mindsets and behaviors, this study was focused on examining the relationship between team security climate level and developers’ actual practices when addressing security threats during software development. The empirical study was conducted in a defense software development organization and included a survey questionnaire completed by 212 developers from 50 software teams. The results were compared to managers’ evaluations regarding the implementation level of security mechanisms in the teams’ development. The findings indicate a positive relationship between team security climate level and the implementation level of security mechanisms in the teams' software development and that team productivity climate moderates this relationship. The results also reveal that team security climate mediates the association between manager–developer relationships and the implementation level of security mechanisms in software development. The study provides support to organizational climate theory and to the specific scale of organizational security climate, demonstrating the predictive validity of this scale, and sheds light on the influence of leadership and competitive facets on security engineering.

中文翻译：

---

探索团队安全氛围在实施安全设计中的作用：国防部门案例研究


软件系统迅速扩散到人类生活的各个方面，加剧了安全威胁，从而加大了对主动设计安全默认方法的需求。根据之前的研究证据，表明组织氛围是开发人员安全心态和行为的关键影响因素，本研究的重点是检查团队安全氛围水平与开发人员在软件开发过程中解决安全威胁时的实际做法之间的关系。该实证研究是在一家国防软件开发组织中进行的，其中包括由来自 50 个软件团队的 212 名开发人员填写的调查问卷。将结果与管理者对团队发展中安全机制实施水平的评估进行比较。研究结果表明，团队安全氛围水平与团队软件开发中安全机制的实施水平之间存在正相关关系，并且团队生产力氛围调节了这种关系。结果还表明，团队安全氛围调节管理者与开发人员关系与软件开发中安全机制实施水平之间的关联。该研究为组织氛围理论和组织安全氛围的具体规模提供了支持，证明了该规模的预测有效性，并揭示了领导力和竞争方面对安全工程的影响。