{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T17:12:26Z","timestamp":1769879546663,"version":"3.49.0"},"reference-count":76,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2023,9,22]],"date-time":"2023-09-22T00:00:00Z","timestamp":1695340800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM J. Comput. Sustain. Soc."],"published-print":{"date-parts":[[2023,9,30]]},"abstract":"<jats:p>Software security practices are critical in minimizing vulnerabilities and protecting unauthorized access to the code and the system. However, software security practices outside Western countries need to be better understood. This need for understanding security practices is further necessitated by the increased outsourcing of software development that can result in vulnerabilities on a global scale. This article addresses this gap, focusing on Bangladesh, a country that represents a booming software industry in the Global South. In this study, we conducted semi-structured interviews with 15 developers to understand their security perceptions and identify the factors influencing software security practices in Bangladesh. Our findings unpack how security fits in the local software development life cycle and shed light on the challenges deterring security practices in Bangladesh. Based on our results, we provide recommendations for developing situated and sustainable strategies to support software security practices in the local context.<\/jats:p>","DOI":"10.1145\/3616383","type":"journal-article","created":{"date-parts":[[2023,8,31]],"date-time":"2023-08-31T11:13:35Z","timestamp":1693480415000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["A First Look into Software Security Practices in Bangladesh"],"prefix":"10.1145","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9012-6146","authenticated-orcid":false,"given":"Ankit","family":"Shrestha","sequence":"first","affiliation":[{"name":"Utah State University, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1523-163X","authenticated-orcid":false,"given":"Tanusree","family":"Sharma","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana Champaign, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2987-672X","authenticated-orcid":false,"given":"Pratyasha","family":"Saha","sequence":"additional","affiliation":[{"name":"University of Dhaka, Bangladesh"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2452-0687","authenticated-orcid":false,"given":"Syed Ishtiaque","family":"Ahmed","sequence":"additional","affiliation":[{"name":"University of Toronto, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5764-2253","authenticated-orcid":false,"given":"Mahdi Nasrullah","family":"Al-Ameen","sequence":"additional","affiliation":[{"name":"Utah State University, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,9,22]]},"reference":[{"key":"e_1_3_3_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/2901790.2901873"},{"key":"e_1_3_3_3_2","article-title":"Agile software development methods: Review and analysis","author":"Abrahamsson Pekka","year":"2017","unstructured":"Pekka Abrahamsson, Outi Salo, Jussi Ronkainen, and Juhani Warsta. 2017. Agile software development methods: Review and analysis. arXiv preprint arXiv:1709.08439 (2017).","journal-title":"arXiv preprint arXiv:1709.08439"},{"key":"e_1_3_3_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_3_5_2","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2016.013"},{"key":"e_1_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1002\/jac5.1441"},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/2909609.2909661"},{"key":"e_1_3_3_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/3134652"},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025961"},{"key":"e_1_3_3_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557376"},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3378393.3402244"},{"key":"e_1_3_3_12_2","first-page":"297","volume-title":"Proceedings of the 11th USENIX Conference on Usable Privacy and Security (SOUPS\u201915)","author":"Alghamdi Deena","year":"2015","unstructured":"Deena Alghamdi, Ivan Flechais, and Marina Jirotka. 2015. Security practices for households bank customers in the kingdom of Saudi Arabia. In Proceedings of the 11th USENIX Conference on Usable Privacy and Security (SOUPS\u201915). USENIX Association, 297\u2013308."},{"key":"e_1_3_3_13_2","first-page":"1","volume-title":"Proceedings of the SOUPS Workshop on Security Information Workers (WSIW\u201918). USENIX Association","author":"Assal Hala","year":"2018","unstructured":"Hala Assal and Sonia Chiasson. 2018. Motivations and amotivations for software security. In Proceedings of the SOUPS Workshop on Security Information Workers (WSIW\u201918). USENIX Association. 1\u20134."},{"key":"e_1_3_3_14_2","first-page":"281","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS\u201918)","author":"Assal Hala","year":"2018","unstructured":"Hala Assal and Sonia Chiasson. 2018. Security in the software development lifecycle. In Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS\u201918). 281\u2013296."},{"key":"e_1_3_3_15_2","first-page":"1","volume-title":"Proceedings of the CHI Conference on Human Factors in Computing Systems","author":"Assal Hala","year":"2019","unstructured":"Hala Assal and Sonia Chiasson. 2019. \u201cThink secure from the beginning\u201d\u2014A survey with software developers. In Proceedings of the CHI Conference on Human Factors in Computing Systems. 1\u201313."},{"key":"e_1_3_3_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-05563-8_1"},{"key":"e_1_3_3_17_2","unstructured":"BackOfficePro. 2017. Is Bangladesh a New Player in the Global Outsourcing Game? Retrieved from https:\/\/www.backofficepro.com\/blog\/bangladesh-a-new-player-in-the-global-outsourcing\/"},{"key":"e_1_3_3_18_2","volume-title":"Understanding Your Users: A Practical Guide to User Research Methods (2nd ed.)","author":"Baxter Kathy","year":"2015","unstructured":"Kathy Baxter, Catherine Courage, and Kelly Caine. 2015. Understanding Your Users: A Practical Guide to User Research Methods (2nd ed.). Morgan Kaufmann Publishers Inc., San Francisco, CA."},{"key":"e_1_3_3_19_2","volume-title":"Transforming Qualitative Information: Thematic Analysis and Code Development","author":"Boyatzis Richard E.","year":"1998","unstructured":"Richard E. Boyatzis. 1998. Transforming Qualitative Information: Thematic Analysis and Code Development. Sage, Thousand Oaks, CA."},{"key":"e_1_3_3_20_2","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_3_3_21_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.95"},{"key":"e_1_3_3_22_2","first-page":"185","volume-title":"Proceedings of the 16th Symposium on Usable Privacy and Security (SOUPS\u201920)","author":"Chalhoub George","year":"2020","unstructured":"George Chalhoub, Ivan Flechais, Norbert Nthala, and Ruba Abu-Salma. 2020. Innovation inaction or in action? The role of user experience in the security and privacy design of smart home cameras. In Proceedings of the 16th Symposium on Usable Privacy and Security (SOUPS\u201920). 185\u2013204."},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.5555\/3235838.3235850"},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.deveng.2017.12.002"},{"key":"e_1_3_3_25_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10606-017-9276-y"},{"key":"e_1_3_3_26_2","first-page":"165","volume-title":"Proceedings of the 16th Symposium on Usable Privacy and Security (SOUPS\u201920)","author":"Danilova Anastasia","year":"2020","unstructured":"Anastasia Danilova, Alena Naiakshina, Johanna Deuter, and Matthew Smith. 2020. Replication: On the ecological validity of online security developer studies: Exploring deception in a password-storage study with freelancers. In Proceedings of the 16th Symposium on Usable Privacy and Security (SOUPS\u201920). 165\u2013183."},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2013.10.003"},{"key":"e_1_3_3_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/2516604.2516626"},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-35936-1_15"},{"key":"e_1_3_3_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516655"},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702442"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335360"},{"key":"e_1_3_3_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/1463788.1463807"},{"key":"e_1_3_3_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_3_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.111"},{"key":"e_1_3_3_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/3392561.3394642"},{"key":"e_1_3_3_37_2","unstructured":"Shariful Islam. 2018. Digital Bangladesh a Reality Now. Retrieved from https:\/\/www.dhakatribune.com\/bangladesh\/2018\/07\/11\/digital-bangladesh-a-reality-now"},{"key":"e_1_3_3_38_2","unstructured":"Rashad Kabir. 2022. Bangladesh: Your Next Outsourcing Destination. Retrieved from https:\/\/www.thedailystar.net\/business\/economy\/news\/bangladesh-your-next-outsourcing-destination-2937426"},{"key":"e_1_3_3_39_2","first-page":"15","volume-title":"Proceedings of the Bangladesh Development Forum","author":"Karim Md Abdul","year":"2010","unstructured":"Md Abdul Karim. 2010. Digital Bangladesh for good governance. In Proceedings of the Bangladesh Development Forum.15\u201316."},{"key":"e_1_3_3_40_2","doi-asserted-by":"publisher","DOI":"10.1007\/11767831_16"},{"key":"e_1_3_3_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/CHASE.2019.00023"},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376791"},{"key":"e_1_3_3_44_2","first-page":"119","article-title":"Privacy as contextual integrity","volume":"79","author":"Nissenbaum Helen","year":"2004","unstructured":"Helen Nissenbaum. 2004. Privacy as contextual integrity. Wash. L. Rev. 79 (2004), 119.","journal-title":"Wash. L. Rev."},{"key":"e_1_3_3_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/3287098.3287107"},{"key":"e_1_3_3_46_2","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664254"},{"key":"e_1_3_3_47_2","first-page":"315","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS\u201918)","author":"Oliveira Daniela Seabra","year":"2018","unstructured":"Daniela Seabra Oliveira, Tian Lin, Muhammad Sajidur Rahman, Rad Akefirad, Donovan Ellis, Eliany Perez, Rahul Bobhate, Lois A. DeLong, Justin Cappos, and Yuriy Brun. 2018. API blindspots: Why experienced developers write vulnerable code. In Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS\u201918). 315\u2013328."},{"key":"e_1_3_3_48_2","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831159"},{"key":"e_1_3_3_49_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-40956-4_8"},{"issue":"1","key":"e_1_3_3_50_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3579595","article-title":"A deep dive into user\u2019s preferences and behavior around mobile phone sharing","volume":"7","author":"Paudel Rizu","year":"2023","unstructured":"Rizu Paudel, Prakriti Dumaru, Ankit Shrestha, Huzeyfe Kocabas, and Mahdi Nasrullah Al-Ameen. 2023. A deep dive into user\u2019s preferences and behavior around mobile phone sharing. Proc. ACM Hum.-comput. Interact 7, CSCW1 (2023), 1\u201322.","journal-title":"Proc. ACM Hum.-comput. Interact"},{"key":"e_1_3_3_51_2","first-page":"46","volume-title":"Proceedings of the New Security Paradigms Workshop","author":"Pieczul Olgierd","year":"2017","unstructured":"Olgierd Pieczul, Simon Foley, and Mary Ellen Zurko. 2017. Developer-centered security and the symmetry of ignorance. In Proceedings of the New Security Paradigms Workshop. 46\u201356."},{"key":"e_1_3_3_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/3092368"},{"key":"e_1_3_3_53_2","first-page":"127","volume-title":"Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS\u201918)","author":"Sambasivan Nithya","year":"2018","unstructured":"Nithya Sambasivan, Garen Checkley, Amna Batool, Nova Ahmed, David Nemer, Laura Sanely Gayt\u00e1n-Lugo, Tara Matthews, Sunny Consolvo, and Elizabeth Churchill. 2018. \u201cPrivacy is not for me, it\u2019s for those rich women\u201d: Performative privacy practices on mobile phones by women in South Asia. In Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS\u201918). 127\u2013142."},{"key":"e_1_3_3_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/1620545.1620570"},{"key":"e_1_3_3_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1978980"},{"key":"e_1_3_3_56_2","doi-asserted-by":"publisher","DOI":"10.1002\/nur.1025"},{"key":"e_1_3_3_57_2","unstructured":"Abul K. Shamsuddin. 2018. The Real Scenario of Internet Access. Retrieved from https:\/\/www.thedailystar.net\/opinion\/perspective\/the-real-scenario-internet-access-1611499"},{"key":"e_1_3_3_58_2","doi-asserted-by":"publisher","DOI":"10.1038\/s41591-020-0928-y"},{"key":"e_1_3_3_59_2","doi-asserted-by":"publisher","DOI":"10.1145\/3555763"},{"key":"e_1_3_3_60_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-35822-7_8"},{"key":"e_1_3_3_61_2","first-page":"221","volume-title":"Proceedings of the 16th Symposium on Usable Privacy and Security (SOUPS\u201920)","author":"Smith Justin","year":"2020","unstructured":"Justin Smith, Lisa Nguyen Quang Do, and Emerson Murphy-Hill. 2020. Why can\u2019t Johnny fix vulnerabilities: A usability evaluation of static analysis tools for security. In Proceedings of the 16th Symposium on Usable Privacy and Security (SOUPS\u201920). 221\u2013238."},{"key":"e_1_3_3_62_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2810116"},{"key":"e_1_3_3_63_2","doi-asserted-by":"publisher","DOI":"10.1145\/3378393.3402235"},{"key":"e_1_3_3_64_2","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445768"},{"key":"e_1_3_3_65_2","volume-title":"Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS\u201916)","author":"Thomas Tyler W.","year":"2016","unstructured":"Tyler W. Thomas, Heather Lipford, Bill Chu, Justin Smith, and Emerson Murphy-Hill. 2016. What questions remain? An examination of how developers understand an interactive static analysis tool. In Proceedings of the 12th Symposium on Usable Privacy and Security (SOUPS\u201916)."},{"key":"e_1_3_3_66_2","first-page":"617","volume-title":"Proceedings of the 17th Symposium on Usable Privacy and Security (SOUPS\u201921)","author":"Tuladhar Anwesh","year":"2021","unstructured":"Anwesh Tuladhar, Daniel Lende, Jay Ligatti, and Xinming Ou. 2021. An analysis of the role of situated learning in starting a security culture in a software company. In Proceedings of the 17th Symposium on Usable Privacy and Security (SOUPS\u201921). 617\u2013632."},{"key":"e_1_3_3_67_2","doi-asserted-by":"publisher","DOI":"10.1145\/3209811.3209818"},{"key":"e_1_3_3_68_2","doi-asserted-by":"publisher","DOI":"10.2307\/1321160"},{"issue":"1","key":"e_1_3_3_69_2","first-page":"166","article-title":"Privacy and freedom","volume":"25","author":"Westin Alan F.","year":"1968","unstructured":"Alan F. Westin. 1968. Privacy and freedom. Wash. Lee Law Rev. 25, 1 (1968), 166.","journal-title":"Wash. Lee Law Rev."},{"key":"e_1_3_3_70_2","unstructured":"Chamila Wijayarathna and Nalin A. G. Arachchilage. 2018. Am I Responsible for End-user\u2019s Security. Retrieved from https:\/\/wsiw2018.l3s.uni-hannover.de"},{"key":"e_1_3_3_71_2","first-page":"205","volume-title":"Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering","author":"Wijayarathna Chamila","year":"2018","unstructured":"Chamila Wijayarathna and Nalin A. G. Arachchilage. 2018. Why Johnny can\u2019t store passwords securely? A usability evaluation of Bouncycastle password hashing. In Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering. 205\u2013210."},{"key":"e_1_3_3_72_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2006.08.003"},{"key":"e_1_3_3_73_2","first-page":"89","volume-title":"Proceedings of the New Security Paradigms Workshop","author":"Wurster Glenn","year":"2008","unstructured":"Glenn Wurster and Paul C. Van Oorschot. 2008. The developer is the enemy. In Proceedings of the New Security Paradigms Workshop. 89\u201397."},{"key":"e_1_3_3_74_2","doi-asserted-by":"publisher","DOI":"10.1145\/2531602.2531722"},{"key":"e_1_3_3_75_2","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076770"},{"key":"e_1_3_3_76_2","first-page":"161","volume-title":"Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201911)","author":"Xie Jing","year":"2011","unstructured":"Jing Xie, Heather Richter Lipford, and Bill Chu. 2011. Why do programmers make security errors? In Proceedings of the IEEE Symposium on Visual Languages and Human-centric Computing (VL\/HCC\u201911). IEEE, 161\u2013164."},{"key":"e_1_3_3_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/eCRS.2013.6805770"}],"container-title":["ACM Journal on Computing and Sustainable Societies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3616383","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3616383","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:29:50Z","timestamp":1750285790000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3616383"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,22]]},"references-count":76,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,9,30]]}},"alternative-id":["10.1145\/3616383"],"URL":"https:\/\/doi.org\/10.1145\/3616383","relation":{},"ISSN":["2834-5533"],"issn-type":[{"value":"2834-5533","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,9,22]]},"assertion":[{"value":"2022-11-25","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-11-26","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-09-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}