Challenges in Developing Secure Software -- Results of an Interview Study in the German Software Industry
- URL: http://arxiv.org/abs/2512.07368v1
- Date: Mon, 08 Dec 2025 10:05:08 GMT
- Title: Challenges in Developing Secure Software -- Results of an Interview Study in the German Software Industry
- Authors: Alex R. Mattukat, Timo Langstrof, Horst Lichter
- Abstract summary: The damage caused by cybercrime makes the development of secure software inevitable. We conducted an interview study with 19 industry experts from 12 cross-industry companies. The results of our study show that the challenges are mainly due to high complexity, a lack of security awareness, and unsuitable processes.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The damage caused by cybercrime makes the development of secure software inevitable. Although many tools and frameworks exist to support the development of secure software, statistics on cybercrime show no improvement in recent years. To understand the challenges software companies face in developing secure software, we conducted an interview study with 19 industry experts from 12 cross-industry companies. The results of our study show that the challenges are mainly due to high complexity, a lack of security awareness, and unsuitable processes, which are further exacerbated by an immediate lack of skilled personnel. This article presents our study and the challenges we identified, and derives potential research directions from them.
Related papers
- S3C2 SICP Summit 2025-06: Vulnerability Response Summit [51.90004414779634]
Researchers from the NSF-supported Secure Software Supply Chain Center (S3C2) and the Software Innovation Campus Paderborn (SICP) conducted a Vulnerability Response Summit. The goal of the Summit is to enable sharing between industry practitioners with practical experience of, and challenges with, software supply chain security.
arXiv Detail & Related papers (2025-12-02T10:05:41Z)
- International AI Safety Report 2025: First Key Update: Capabilities and Risk Implications [118.49965571969089]
This update examines how AI capabilities have improved since the first AI Safety Report. It focuses on key risk areas where substantial new evidence warrants updated assessments.
arXiv Detail & Related papers (2025-10-15T15:13:49Z)
- S3C2 Summit 2024-09: Industry Secure Software Supply Chain Summit [50.93790634176803]
Over the past several years, there has been an exponential increase in cyberattacks targeting software supply chains. The ever-evolving threat of software supply chain attacks has garnered interest from the software industry and the US government. Three researchers from the NSF-backed Secure Software Supply Chain Center (S3C2) conducted a Secure Software Supply Chain Summit with a diverse set of 12 practitioners from 9 companies.
arXiv Detail & Related papers (2025-05-15T17:48:14Z)
- Towards Trustworthy GUI Agents: A Survey [64.6445117343499]
This survey examines the trustworthiness of GUI agents in five critical dimensions. We identify major challenges such as vulnerability to adversarial attacks and cascading failure modes in sequential decision-making. As GUI agents become more widespread, establishing robust safety standards and responsible development practices is essential.
arXiv Detail & Related papers (2025-03-30T13:26:00Z)
- Security Challenges of Complex Space Applications: An Empirical Study [0.0]
I investigate the security challenges of the development and management of complex space applications.
I discuss the four most critical security challenges identified by the interviewed experts: verification of software artifacts, verification of the deployed application, single point of security failure, and data tampering by trusted stakeholders.
I propose future research of new DevSecOps strategies, practices, and tools which would enable better methods of software integrity verification in the space and defense industries.
arXiv Detail & Related papers (2024-08-15T10:02:46Z)
- An Industry Interview Study of Software Signing for Supply Chain Security [5.433194344896805]
We study the challenges that affect the effective implementation of software signing in practice. We highlight the different challenges (technical, organizational, and human) that hamper software signing implementation.
arXiv Detail & Related papers (2024-06-12T13:30:53Z)
- Position: How Regulation Will Change Software Security Research [3.8165295526908243]
We argue that software engineering research needs to provide better tools and support that help industry comply with the new standards.
We argue for stronger cooperation between legal scholars and computer scientists.
arXiv Detail & Related papers (2024-06-06T15:16:44Z)
- Making Software Development More Diverse and Inclusive: Key Themes, Challenges, and Future Directions [50.545824691484796]
We identify six themes around the challenges and opportunities to improve Software Developer Diversity and Inclusion (SDDI). We identify benefits, harms, and future research directions for the four main themes. We discuss the remaining two themes, Artificial Intelligence & SDDI and AI & Computer Science education, which have a cross-cutting effect on the other themes.
arXiv Detail & Related papers (2024-04-10T16:18:11Z)
- Secure Software Development: Issues and Challenges [0.0]
The digitization of our lives solves human problems as well as improving quality of life.
Hackers aim to steal the data of innocent people to use it for purposes such as identity fraud, scams and many more.
The goal of secure system software is to prevent such exploitation from ever happening by following a secure system life cycle.
arXiv Detail & Related papers (2023-11-18T09:44:48Z)
- Software Repositories and Machine Learning Research in Cyber Security [0.0]
The integration of robust cyber security defenses has become essential across all phases of software development.
Attempts have been made to leverage topic modeling and machine learning for the detection of these early-stage vulnerabilities in the software requirements process.
arXiv Detail & Related papers (2023-11-01T17:46:07Z)
- Security for Machine Learning-based Software Systems: a survey of threats, practices and challenges [0.76146285961466]
How to securely develop machine learning-based modern software systems (MLBSS) remains a big challenge.
Latent vulnerabilities and privacy issues exposed to external users and attackers will be largely neglected and hard to identify.
We consider that security issues for machine learning-based software systems may arise from inherent system defects or external adversarial attacks.
arXiv Detail & Related papers (2022-01-12T23:20:25Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)