Challenges in Developing Secure Software -- Results of an Interview Study in the German Software Industry

The damage caused by cybercrime makes the development of secure software inevitable. Although many tools and frameworks exist to support the development of secure software, statistics on cybercrime show no improvement in recent years. To understand the challenges software companies face in developing secure software, we conducted an interview study with 19 industry experts from 12 cross-industry companies. The results of our study show that the challenges are mainly due to high complexity, a lack of security awareness, and unsuitable processes, which are further exacerbated by an immediate lack of skilled personnel. This article presents our study and the challenges we identified, and derives potential research directions from them.