Challenges in Developing Secure Software -- Results of an Interview Study in the German Software Industry
Alex R. Mattukat, Timo Langstrof, Horst Lichter

TL;DR
This study investigates the challenges faced by the German software industry in developing secure software, highlighting issues like complexity, lack of security awareness, unsuitable processes, and skill shortages.
Contribution
It provides empirical insights from interviews with industry experts, identifying key challenges and suggesting future research directions in secure software development.
Findings
High complexity hampers secure software development
Lack of security awareness among developers
Skill shortages exacerbate security challenges
Abstract
The damage caused by cybercrime makes the development of secure software inevitable. Although many tools and frameworks exist to support the development of secure software, statistics on cybercrime show no improvement in recent years. To understand the challenges software companies face in developing secure software, we conducted an interview study with 19 industry experts from 12 cross-industry companies. The results of our study show that the challenges are mainly due to high complexity, a lack of security awareness, and unsuitable processes, which are further exacerbated by an immediate lack of skilled personnel. This article presents our study and the challenges we identified, and derives potential research directions from them.
Taxonomy
Topics: Information and Cyber Security · Software Engineering Techniques and Practices · Cybercrime and Law Enforcement Studies
