Abstract

Background/Objectives: Software developers have not consistently addressed the inclusion of security in software development from the initial design phase. As a result, there is an abundance of software systems with weak security. The objective of this study is to find out the factors influencing developers' intention to adopt secure software development practices.

Methodology: This study is based on qualitative research methodology. Interviews were conducted with professionals working in senior positions at Malaysian software development organizations. All the interviews were digitally recorded and then transcribed. The transcribed data was analyzed by highlighting all frequent words or repetitive concepts, after which many similar or relevant concepts were grouped together and categorized as themes and subthemes.

Findings: The data was analyzed using the thematic analysis method. The results revealed five main themes, each of which has subthemes. These subthemes are parameters to justify the main theme. Main themes were identified in the light of the interviewees' responses. The main results include the interviewees' demographic characteristics, and the main themes identified are: Adoption of SSD practices, Influencing authorities, Motivating Factors, Attitude towards SSD, and Hindrances / Issues towards SSD Adoption. Subthemes included: Security Culture, Change Management, Applications of SSD, Managers, Security Expert, Training, Incentives, Security Awareness, Performance Expectancy, Facilitating Conditions, Demographic Characteristics, Need to use SSD, No clear guidelines, Strict Project Timeline, Lack of Security knowledge. The overall interview results show that the adoption level of secure software development practices in most of the software industry is not satisfactory.

Novelty/Applications: This research explores the factors impeding the implementation of the best security practices, and the barriers to the adoption of secure software development practices. This study can be used as a guideline for the implementation of secure software development practices in the software industry.

Keywords: Secure software development adoption; organizational factors; software developer intention; security development; software security

Highlights

  • Software applications are often produced in the fastest and cheapest way, with no or little focus on security

  • All of them specialize in programming and software development, but they belong to different organizations

  • This study revealed that there is a lack of vision, a lack of clear-cut guidelines from the top management of their firm and sometimes there are no clear guidelines on policy matters regarding security to incorporate in the developing systems


Summary

Introduction

Software applications are often produced in the fastest and cheapest way, with little or no focus on security. Software security is a relatively new field and has been treated as an afterthought: the software is released, and the security problems found during its usage are fixed afterwards. Fixing system risks and vulnerabilities after software development is costly for developers and users. This reactive pattern can be observed in the release notes of a software product, which usually list patches that fix vulnerabilities. The problem with this reactive approach is that exploitation of the discovered breaches can have consequences such as brand reputation damage and financial losses.

