AppSecure.nrw Software Security Study
Stefan Dziwok, Thorsten Koch, Sven Merschjohann, Boris Budweg and, Sebastian Leuer
TL;DR
This study investigates the state of software security in German companies, revealing challenges like low awareness and lack of competence that threaten the security of software products.
Contribution
It provides empirical insights into the gaps and challenges in secure software development practices among German companies.
Findings
Low awareness of security issues among stakeholders
Inaccurate self-assessment of security practices
Lack of competence in secure development
Abstract
In recent years, the World Economic Forum has identified software security as the most significant technological risk to the world's population, as software-intensive systems process critical data and provide critical services. This raises the question of the extent to which German companies are addressing software security in developing and operating their software products. This paper reports on the results of an extensive study among developers, product owners, and managers to answer this question. Our results show that ensuring security is a multi-faceted challenge for companies, involving low awareness, inaccurate self-assessment, and a lack of competence on the topic of secure software development among all stakeholders. The current situation in software development is therefore detrimental to the security of software products in the medium and long term.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInformation and Cyber Security · Software Engineering Techniques and Practices · Advanced Malware Detection Techniques