The damage caused by cybercrime makes the development of secure software inevitable. Although many tools and frameworks exist to support the development of secure software, statistics on cybercrime show no improvement in recent years. To understand the challenges software companies face in developing secure software, we conducted an interview study with 19 industry experts from 12 cross-industry companies. The results of our study show that the challenges are mainly due to high complexity, a lack of security awareness, and unsuitable processes, which are further exacerbated by an immediate lack of skilled personnel. This article presents our study and the challenges we identified, and derives potential research directions from them.

翻译：网络犯罪造成的损害使得开发安全软件成为必然。尽管存在许多支持开发安全软件的工具和框架，但网络犯罪统计数据表明近年来并未得到改善。为了解软件公司在开发安全软件时面临的挑战，我们对来自12家跨行业公司的19位行业专家进行了访谈研究。研究结果表明，挑战主要源于高复杂性、安全意识缺乏以及不合适的流程，这些问题因当前技术人才短缺而进一步加剧。本文介绍了我们的研究及所识别的挑战，并由此推导出潜在的研究方向。