Locasto, MichaelChukuka, Benedict2016-01-052016-01-052016-01-052015http://hdl.handle.net/11023/2723We consider the forces of ethical regulation and developer licensing in a software liability attribution regime as two factors that may influence the information security discipline. We conduct investigations that serve to provide insight into how these forces may play out in a regulatory environment of the future. Our first investigation entails a broad survey of ethical policies governing information security courses, and thus, the student trainee experience. We demonstrate the feasibility of fusing current divergent ethical policies into a standard policy on information security. Accordingly, we derive an ethical policy prototype that is based on the common elements of 329 different ethical policies. In our second investigation, we demonstrate a model for determining security reputation scores for individual software developers based on historical introduction of security bugs into source code. We employ information on 1,119 security bugs to compute developer reputation scores across 9 open source software development projects.engUniversity of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.Computer ScienceInformation TechnologyEthicsCodes of ConductEthical AgreementsPoliciesDeveloper Licensingmaster thesis10.11575/PRISM/28180