Abstract for: Cybersecurity Dynamics in Software Development Environment: What system traps do exist?

Increasing dependency on information technology and an increasing number of cyber-attacks give rise to concerns about secure software development methods. Building system dynamics models we research and compare the structure underlying the behaviour relevant to security software developments for both agile and traditional software delivery methods. The difference between these models is related to the key characteristics of these methods, but not to the security aspects itself. Both dynamic models show similar structures to developing software and cybersecurity dynamics. Our study shows that network externalities may evoke the acceptance trap. The acceptance trap begins when insecure software is brought into production and is actively used, because if software is available, it can generate income, while further security development will cost more money.Further model quantification, validation, and policy evaluation should provide further insights and recommendations to resolve the acceptance trap.