Security in Online Freelance Software Development: A case for
Distributed Security Responsibility
- URL: http://arxiv.org/abs/2307.06066v1
- Date: Wed, 12 Jul 2023 10:35:27 GMT
- Title: Security in Online Freelance Software Development: A case for
Distributed Security Responsibility
- Authors: Irum Rauf and Tamara Lopez and Thein Tun and Marian Petre and Bashar
Nuseibeh
- Abstract summary: There is paucity of research on how freelance developers adhere to security practices.
We argue for the case of distributed security responsibilities in online freelance environment.
Research has the potential to bring forth existing security solutions to wider developer community.
- Score: 10.123578004071952
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Secure software is a cornerstone to safe and resilient digital ecosystems. It
offers strong foundation to protect users' sensitive data and guard against
cyber-threats. The rapidly increasing landscape of digital economy has
encouraged developers from different socio-technical and socio-economic
backgrounds to join online freelance marketplaces. While, secure software
practices facilitate software developers in developing secure software, there
is paucity of research on how freelance developers adhere to security practices
and how they can be facilitated to improve their security behavior in
under-resourced environments. Moreover, freelance developers are often held
responsible for producing insecure code. In this position paper, we review
existing literature and argue for the case of distributed security
responsibilities in online freelance environment. We propose a research agenda
aimed at offering an organized and systematic effort by researchers to address
security needs and challenges of online freelance marketplaces. These include:
characterising software security and defining separation of responsibilities,
building trust in online freelance development communities, leveraging the
potential of online freelancing platforms in the promotion of secure software
development and building adaptive security interventions for online freelance
software development. The research has the potential to bring forth existing
security solutions to wider developer community and deliver substantial
benefits to the broader security ecosystem.
Related papers
- Agent-Driven Automatic Software Improvement [55.2480439325792]
This research proposal aims to explore innovative solutions by focusing on the deployment of agents powered by Large Language Models (LLMs)
The iterative nature of agents, which allows for continuous learning and adaptation, can help surpass common challenges in code generation.
We aim to use the iterative feedback in these systems to further fine-tune the LLMs underlying the agents, becoming better aligned to the task of automated software improvement.
arXiv Detail & Related papers (2024-06-24T15:45:22Z) - A Survey of Third-Party Library Security Research in Application Software [3.280510821619164]
With the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent.
Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information.
Research on third-party libraries in software becomes paramount to address this growing security challenge.
arXiv Detail & Related papers (2024-04-27T16:35:02Z) - Bridging Gaps, Building Futures: Advancing Software Developer Diversity and Inclusion Through Future-Oriented Research [50.545824691484796]
We present insights from SE researchers and practitioners on challenges and solutions regarding diversity and inclusion in SE.
We share potential utopian and dystopian visions of the future and provide future research directions and implications for academia and industry.
arXiv Detail & Related papers (2024-04-10T16:18:11Z) - The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI)
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z) - The Inner Workings of Windows Security [4.424739166856966]
The year 2022 saw a significant increase in Microsoft vulnerabilities, reaching an all-time high in the past decade.
This project aims to investigate the vulnerabilities of the Windows Operating System and explore the effectiveness of key security features.
Based on the results, this study will provide recommendations for mitigation strategies to enhance system security and strengthen the protection provided by Windows security features.
arXiv Detail & Related papers (2023-12-23T03:35:57Z) - Secure Software Development: Issues and Challenges [0.0]
The digitization of our lives proves to solve our human problems as well as improve quality of life.
Hackers aim to steal the data of innocent people to use it for other causes such as identity fraud, scams and many more.
The goal of a secured system software is to prevent such exploitations from ever happening by conducting a system life cycle.
arXiv Detail & Related papers (2023-11-18T09:44:48Z) - Investigate how developers and managers view security design in software [0.0]
We interviewed a team of 7 developers and 2 managers, who worked in two teams to build a real-life software product that was recently compromised by a cyber-attack.
We obtained their views on the reasons for the successful attack by the malware and took their recommendations on the important aspects to consider regarding security.
arXiv Detail & Related papers (2023-10-22T22:44:02Z) - Embedded Software Development with Digital Twins: Specific Requirements
for Small and Medium-Sized Enterprises [55.57032418885258]
Digital twins have the potential for cost-effective software development and maintenance strategies.
We interviewed SMEs about their current development processes.
First results show that real-time requirements prevent, to date, a Software-in-the-Loop development approach.
arXiv Detail & Related papers (2023-09-17T08:56:36Z) - Defending against cybersecurity threats to the payments and banking
system [0.0]
The proliferation of cyber crimes is a huge concern for various stakeholders in the banking sector.
To prevent risks of cyber-attacks on software systems, entities operating within cyberspace must be identified.
This paper will examine various approaches that identify assets in cyberspace, classify the cyber threats, provide security defenses and map security measures to control types and functionalities.
arXiv Detail & Related papers (2022-12-15T11:55:11Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Trustworthy AI Inference Systems: An Industry Research View [58.000323504158054]
We provide an industry research view for approaching the design, deployment, and operation of trustworthy AI inference systems.
We highlight opportunities and challenges in AI systems using trusted execution environments.
We outline areas of further development that require the global collective attention of industry, academia, and government researchers.
arXiv Detail & Related papers (2020-08-10T23:05:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.