Security in Online Freelance Software Development: A case for
Distributed Security Responsibility
- URL: http://arxiv.org/abs/2307.06066v1
- Date: Wed, 12 Jul 2023 10:35:27 GMT
- Authors: Irum Rauf and Tamara Lopez and Thein Tun and Marian Petre and Bashar
Nuseibeh
- Abstract summary: There is a paucity of research on how freelance developers adhere to security practices.
We argue for the case of distributed security responsibilities in the online freelance environment.
Research has the potential to bring forth existing security solutions to the wider developer community.
- Score: 10.123578004071952
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Secure software is a cornerstone of safe and resilient digital ecosystems. It
offers a strong foundation to protect users' sensitive data and guard against
cyber-threats. The rapidly increasing landscape of the digital economy has
encouraged developers from different socio-technical and socio-economic
backgrounds to join online freelance marketplaces. While secure software
practices facilitate software developers in developing secure software, there
is a paucity of research on how freelance developers adhere to security practices
and how they can be facilitated to improve their security behavior in
under-resourced environments. Moreover, freelance developers are often held
responsible for producing insecure code. In this position paper, we review
existing literature and argue for the case of distributed security
responsibilities in the online freelance environment. We propose a research agenda
aimed at offering an organized and systematic effort by researchers to address
security needs and challenges of online freelance marketplaces. These include:
characterising software security and defining separation of responsibilities,
building trust in online freelance development communities, leveraging the
potential of online freelancing platforms in the promotion of secure software
development and building adaptive security interventions for online freelance
software development. The research has the potential to bring forth existing
security solutions to the wider developer community and deliver substantial
benefits to the broader security ecosystem.
Related papers
- Continuous risk assessment in secure DevOps [0.24475591916185502]
We argue how secure DevOps could profit from engaging with risk related activities within organisations.
We focus on combining Risk Assessment (RA), particularly Threat Modelling (TM) and apply security considerations early in the software life-cycle.
arXiv Detail & Related papers (2024-09-05T10:42:27Z)
- Enhancing Software Supply Chain Resilience: Strategy For Mitigating Software Supply Chain Security Risks And Ensuring Security Continuity In Development Lifecycle [0.0]
This article delves into the strategic approaches and preventive measures necessary to safeguard the software supply chain against evolving threats.
It aims to foster an understanding of the challenges and vulnerabilities inherent in software supply chain resilience.
The article contributes to the ongoing effort to strengthen the security posture of software supply chains.
arXiv Detail & Related papers (2024-07-08T18:10:47Z)
- Agent-Driven Automatic Software Improvement [55.2480439325792]
This research proposal aims to explore innovative solutions by focusing on the deployment of agents powered by Large Language Models (LLMs).
The iterative nature of agents, which allows for continuous learning and adaptation, can help surpass common challenges in code generation.
We aim to use the iterative feedback in these systems to further fine-tune the LLMs underlying the agents, becoming better aligned to the task of automated software improvement.
arXiv Detail & Related papers (2024-06-24T15:45:22Z)
- A Survey of Third-Party Library Security Research in Application Software [3.280510821619164]
With the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent.
Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information.
Research on third-party libraries in software becomes paramount to address this growing security challenge.
arXiv Detail & Related papers (2024-04-27T16:35:02Z)
- Bridging Gaps, Building Futures: Advancing Software Developer Diversity and Inclusion Through Future-Oriented Research [50.545824691484796]
We present insights from SE researchers and practitioners on challenges and solutions regarding diversity and inclusion in SE.
We share potential utopian and dystopian visions of the future and provide future research directions and implications for academia and industry.
arXiv Detail & Related papers (2024-04-10T16:18:11Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- Secure Software Development: Issues and Challenges [0.0]
The digitization of our lives proves to solve our human problems as well as improve quality of life.
Hackers aim to steal the data of innocent people to use it for other causes such as identity fraud, scams and many more.
The goal of a secured system software is to prevent such exploitations from ever happening by conducting a system life cycle.
arXiv Detail & Related papers (2023-11-18T09:44:48Z)
- Investigate how developers and managers view security design in software [0.0]
We interviewed a team of 7 developers and 2 managers, who worked in two teams to build a real-life software product that was recently compromised by a cyber-attack.
We obtained their views on the reasons for the successful attack by the malware and took their recommendations on the important aspects to consider regarding security.
arXiv Detail & Related papers (2023-10-22T22:44:02Z)
- Embedded Software Development with Digital Twins: Specific Requirements for Small and Medium-Sized Enterprises [55.57032418885258]
Digital twins have the potential for cost-effective software development and maintenance strategies.
We interviewed SMEs about their current development processes.
First results show that real-time requirements prevent, to date, a Software-in-the-Loop development approach.
arXiv Detail & Related papers (2023-09-17T08:56:36Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
- Trustworthy AI Inference Systems: An Industry Research View [58.000323504158054]
We provide an industry research view for approaching the design, deployment, and operation of trustworthy AI inference systems.
We highlight opportunities and challenges in AI systems using trusted execution environments.
We outline areas of further development that require the global collective attention of industry, academia, and government researchers.
arXiv Detail & Related papers (2020-08-10T23:05:55Z)