A Cross-role Analysis on Security Efforts and Constraints of Software Development Projects

In this study, we quantitatively analyzed security efforts and constraints of software development projects through an online survey of of software development professionals from the US (N=307). We revealed how certain characteristics of a development project, such as the project’s contractual relationships, influence security efforts and constraints. In addition, by comparing the survey results of two groups (developers and managers), we revealed how the gap in their security efforts and constraints influences software security. We believe the results provide insights toward designing usable measures to assist security-related decision-making in software development and conducting an appropriate survey targeting software development professionals.