Security in software : How software companies work with security during a software development process

Abstract: This study is conducted, due to recent interest in privacy and software security, on how a number of software development companies work during a development process to develop secure software to the possible extent. The study is based on four interviews with four software companies located in Linköping, Sweden. The interviews followed a semi-structured format to ensure the possibility to compare the given answers from the companies to each other. This structure was chosen to give each company the liberty to express what they valued and thought were important during a software development process. The aim was to analyze how and if these companies work with security when developing software, and to see what differences and similarities that could be established. We found differences between the companies' perspective of security and on their methods of working. Some valued secure software more than others and performed more measures to ensure it. We also found some similarities on their view on importance of secure software and ways to work with it. The differences and similarities were related to the size of the companies, their resources, the types of products they develop, and the types of clients they have.