Secure Software Development Assimilation: Effects of External Pressures and Roles of Internal Factors

Drawing upon institutional theory, this article develops an extended model to test and verify the effects of external institutional pressures on Secure Software Development (SSD) assimilation and the roles of internal critical factors. The empirical results are based on 86 survey data from respondents of related organizations in United Kingdom, Hong Kong, and Mainland China who have related project experience about SSD. Results from partial least squares (PLS) analysis suggest that both mimetic and coercive pressures have indirect effects on SSD assimilation with the distal mediation of top management. Normative pressures positively affect SSD assimilation with the full mediation of secure software champion. Results also suggest that secure software champion plays another partial mediation between top management participation and SSD assimilation. This paper highlights the important role of secure software champion for its dually mediating effects on both external and internal forces during SSD assimilation process.