Abstract

Background: Software projects are facing the need to adopt security practices during the software development life cycle (SDLC). Nevertheless, the amount of effort to be invested in order to achieve a certain level of software security is not clear yet. Aims: The goal of this study is to get an overview of the application of software security practices in the industry and to identify the impact of the introduction of such activities in software development projects in terms of effort/cost. Method: We conducted a survey on a software security group of a professional social network by applying a random sampling strategy to establish a representative set of participants. Results: The questionnaire was fully answered by 110 participants, from the 808 profiles that were invited from the sampling frame. The results show that security practices have been applied thoroughly in the projects and revealed high variability in secure software development effort across the participants’ projects. Further research is needed to understand the different professionals’ perspectives regarding security effort in projects. As lessons learned, we found that the professional social network offered a demographically diverse sampling frame, but this comes with hurdles that need to be overcome. Conclusions: The experiences of the participants showed that security is a factor that drives effort in software projects, and security practices need to be taken into account when planning software development initiatives. Our findings about the current state of practices and adoptions can help practitioners and researchers in future endeavors.
