An Integrative Model of Managing Software Security during Information Systems Development

Academic Article

Abstract

  • This study investigates the critical relationship between organizational system development policies, procedures and processes and the resulting security quality of the systems developed. We draw from a general software quality model to provide a theoretical foundation for testing this relationship. We used paper-based as well as online surveys to collect data from software developers and project managers. Our results revealed a significant relationship between management support and security policies and development process control. We also found significant relationships between development process control and security quality, attitude and security quality, and the interaction between value congruence and commitment to provide security skills development. Counterintuitively, we did not find a significant relationship between either security policy and security quality or the interaction between security policy and its legitimacy as perceived by systems development personnel. The managerial implications of the study include the need to foster a climate of security skills development through training for system development personnel and also simultaneously find strategies to more closely align their values to the security goals of the organization. Additionally, providing management support to formulate guidelines for development process control can improve the security quality of the systems developed.
  • Keywords: Systems Development, Development Process Control, Security Quality, Management Support, Attitude
  • Author List: Ragharan V; Zhang X
  • Start Page: 83
  • End Page: 109
  • Volume: 26
  • Issue: 4