Quality, security, and privacy assurance in software development: proactive integration or just workflow-slowing checkpoints?

Abstract

In software development, the integration of assurance methodologies such as quality, security, and privacy practices is essential to producing high-quality, reliable, and compliant products. This paper investigates the adoption and effectiveness of these assurance practices within the daily operations of software development. Through an industry survey of 88 software development professionals in Finland, this study examines the order and consistency with which developers apply assurance practices during projects, and the challenges they face in performing these tasks. The results show that while developers recognize the importance of assurance, many organizations still treat it as a separate, secondary activity rather than a core part of the development lifecycle. Key findings show that quality practices are more consistently integrated into daily operations compared to security and privacy measures, which tend to be reactive. The paper highlights the tension between agile practices, which promote flexibility and continuous improvement, and the more rigid, process-heavy nature of assurance tasks. The study underscores the need for a shift in both industry practices and educational approaches to fully embed assurance into software development.