Security in Online Freelance Software Development: A case for Distributed Security Responsibility

TL;DR

This paper advocates for distributed security responsibilities in online freelance software development, emphasizing the need for systematic research to improve security practices and trust within these communities.

Contribution

It introduces a research agenda focused on characterizing security responsibilities, building trust, and developing adaptive security interventions for online freelance platforms.

Findings

Highlights the lack of research on security practices among freelance developers.

Proposes a systematic approach to distribute security responsibilities.

Suggests leveraging online platforms to promote secure development.

Abstract

Secure software is a cornerstone to safe and resilient digital ecosystems. It offers strong foundation to protect users' sensitive data and guard against cyber-threats. The rapidly increasing landscape of digital economy has encouraged developers from different socio-technical and socio-economic backgrounds to join online freelance marketplaces. While, secure software practices facilitate software developers in developing secure software, there is paucity of research on how freelance developers adhere to security practices and how they can be facilitated to improve their security behavior in under-resourced environments. Moreover, freelance developers are often held responsible for producing insecure code. In this position paper, we review existing literature and argue for the case of distributed security responsibilities in online freelance environment. We propose a research agenda aimed at offering an organized and systematic effort by researchers to address security needs and challenges of online freelance marketplaces. These include: characterising software security and defining separation of responsibilities, building trust in online freelance development communities, leveraging the potential of online freelancing platforms in the promotion of secure software development and building adaptive security interventions for online freelance software development. The research has the potential to bring forth existing security solutions to wider developer community and deliver substantial benefits to the broader security ecosystem.