Secure software is a cornerstone of safe and resilient digital ecosystems. It offers a strong foundation for protecting users' sensitive data and guarding against cyber-threats. The rapidly growing digital economy has encouraged developers from different socio-technical and socio-economic backgrounds to join online freelance marketplaces. While secure software practices help software developers build secure software, there is a paucity of research on how freelance developers adhere to security practices and how they can be supported in improving their security behaviour in under-resourced environments. Moreover, freelance developers are often held solely responsible for producing insecure code. In this position paper, we review the existing literature and argue for distributed security responsibilities in the online freelance environment. We propose a research agenda aimed at an organised and systematic effort by researchers to address the security needs and challenges of online freelance marketplaces. These include: characterising software security and defining the separation of responsibilities, building trust in online freelance development communities, leveraging the potential of online freelancing platforms to promote secure software development, and building adaptive security interventions for online freelance software development. The research has the potential to bring existing security solutions to the wider developer community and deliver substantial benefits to the broader security ecosystem.