Software Development Processes for ADs, SMCs and OSCs supporting Usability, Security, and Privacy Goals - an Overview

Publication
ARES 2021, SSC Workshop: The 16th International Conference on Availability, Reliability and Security, Virtual Event, August 17-20, 2021

Abstract

Software applications should be secure, usable and privacy-friendly. However, recurring headlines about data leaks in applications show that it is not easy to develop software that meets these three challenges. Studies show that it is better to consider these challenges during the software development process. Many ideas and approaches exist in the research community that define these challenges as goals within a software development process. In addition, major companies have published their own software development processes and methods that address these goals in part. However, major companies have very different working conditions from the work settings faced by an App-Developer (AD), a Small and Medium Company (SMC) or the Open Source Community (OSC). This leads us to the question: Are the work settings of ADs, SMCs and OSCs considered sufficiently by research to make software development processes with a special focus on security, usability and privacy goals work? We therefore performed a literature review to investigate the current state of research. Using an appropriate query, publications relevant to our question were identified and categorised by two independent reviewers.

Our work shows that there are some publications proposing software processes that support usability goals and take work settings into account. We were not able to identify any contribution that proposes a software development process which addresses privacy, usability and security goals together and differentiates between the work settings of ADs, SMCs and OSCs.