Security thinking in online freelance software development

Online freelance software development (OFSD) is a significant part of the software industry and is a thriving online economy; a recent survey by Stack Overflow reported that nearly 15% are independent contractors, freelancers, or self-employed. Although security is an important quality requirement for the social sustainability of software, existing studies have shown differences in the way security issues are handled by developers working in OFSD compared to those working in organisational environments. This paper investigates the security culture of OFSD developers, and identifies significant themes in how security is conceived, practiced, and compensated. Based on in-depth interviews with 20 freelance (FL) developers, we report that (a) security thinking is evident in descriptions of their work, (b) security thinking manifests in different ways within OFSD practice, and (c) the dynamics of the freelance evelopment ecosystem influence financial investment in secure development. Our findings help to understand the reasons why insecure software development is evident in freelance development, and they contribute toward developing security interventions that are tailored to the needs of freelance software developers.