View article

A large number of software security vulnerabilities are caused by software errors that are committed by software developers. We believe that interactive tool support will play an important role in aiding software developers to develop more secure software. However, an in-depth understanding of how and why software developers produce security bugs is needed to design such tools. We conducted a semi-structured interview study on 15 professional software developers to understand their perceptions and behaviors related to software security. Our results reveal a disconnect between developers' conceptual understanding of security and their attitudes regarding their personal responsibility and practices for software security.