Motivational Company’s Characteristics to Secure Software

Software companies’ acceptance to adopt security practices during the software development life cycle differs from one company to another. It can be said that one of the reasons for these differences is the varied characteristics of each company, such as its size, resources, and field. This paper aims to study the characteristics of companies that affect the adoption of security practices during software development. We studied eight company characteristics, some of which are classified as primary characteristics, including company size, type of developed software, and type of company. Meanwhile, the remaining five characteristics are classified as secondary characteristics, including company field, years of experience, methodology, presence of security experts, and approach to adopting security practices. A survey method was designed to find company characteristics that impact security adoption during software development. Results show that large companies, especially generic companies, adoption security practices more than other types of companies.