Security by Design
Nowadays, security is of utmost importance for nearly all software systems. Whether a software system relies on secure database connections to store confidential user data, or must restrict access to certain user groups, developers must constantly be aware of security features such as access control and encryption. Selecting and planning the appropriate security features that suit the needs of the software system is no trivial task. Although sophisticated libraries exist to embed these security features in the system, they must be carefully integrated into the system by a developer. This process is prone to human error because developers are rarely security experts, or because off-the-shelf libraries do not suit their needs. These challenges often result in security being neglected and pushed to the end of the software development lifecycle rather than being integrated into the development processes, where the implementation costs are lower.
We want to investigate how companies implement security in their software projects, and identify the challenges they face.
Interview Study
We conducted interviews with 26 professional software developers, security engineers, software architects, and project managers. We collected valuable insights into how companies handle the challenges they face when implementing security for software systems. Our findings are concerning. Most companies struggle to implement security features because of resource constraints and a lack of knowledge about them.
Our goal is to shed light on how we can effectively help them by providing solutions to overcome these challenges.
You can access our paper, which we published at the International Conference on Software Engineering (ICSE), here: https://doi.org/10.1109/ICSE55347.2025.0018
How you can help us in a quick 15-minute survey
While our interview study provided valuable insights, it also raised many new questions about the engineering of security features. We are currently conducting a survey on how companies handle the implementation of security features, and how we can help you overcome the challenges you face. Whether you are a software developer actively writing code for security features, or a project manager overseeing this process, we invite anyone involved in any step of the development of security features to participate.
You can access our survey here: http://survey.ruhr-uni-bochum.de/index.php/825132?lang=en
If you have any questions, please contact: kevin.hermann@rub.de