Security Thinking in Online Freelance Software Development

Rauf, Irum; Petre, Marian; Tun, Thein; Lopez, Tamara and Nuseibeh, Bashar (2023). Security Thinking in Online Freelance Software Development. In: IEEE/ACM 45th International Conference on Software Engineering: Software Engineering in Society (ICSE-SEIS), 14-20 May 2023, Melbourne, Australia, pp. 13–24.

DOI: https://doi.org/10.1109/ICSE-SEIS58686.2023.00008

Abstract

Online freelance software development (OFSD) is a significant part of the software industry and is a thriving online economy; a recent survey by Stack Overflow reported that nearly 15% of developers are independent contractors, freelancers, or self-employed. Although security is an important quality requirement for the social sustainability of software, existing studies have shown differences in the way security issues are handled by developers working in OFSD compared to those working in organisational environments. This paper investigates the security culture of OFSD developers, and identifies significant themes in how security is conceived, practiced, and compensated. Based on in-depth interviews with 20 freelance (FL) developers, we report that (a) security thinking is evident in descriptions of their work, (b) security thinking manifests in different ways within OFSD practice, and (c) the dynamics of the freelance development ecosystem influence financial investment in secure development. Our findings help to understand the reasons why insecure software development is evident in freelance development, and they contribute toward developing security interventions that are tailored to the needs of freelance software developers.

Plain Language Summary

Online freelance software development (OFSD) is a significant part of the software industry and is a thriving online economy. Although security is an important quality requirement for the social sustainability of software, existing studies have shown differences in the way security issues are handled by developers working in OFSD compared to those working in organisational environments. Based on in-depth interviews with 20 freelance developers, this paper investigates the security culture of OFSD developers, and identifies significant themes in how security is conceived, practiced, and compensated.

Viewing alternatives

Download history

Metrics

Public Attention

Altmetrics from Altmetric

Number of Citations

Citations from Dimensions

Item Actions

Export

About