Abstract

In the realm of software development, ensuring the security of a product is of paramount importance. Beyond software components, product security encompasses hardware, firmware, and other elements, including designing and implementing security measures that protect the product holistically, considering physical security, supply chain security, and operational security. However, with the increasing prev alence of cyber threats, organizations face numerous challenges in safeguarding their software products. Many organizations consider security a bottleneck, as insecure software puts the business at risk. To address this lack, we have conducted an empirical study to investigate the challenges and practices of product security in the context of the software development process. Our semi-structured interviews with 22 practitioners across various industries emphasized the relevance of product security practices within this domain. However, the findings also uncovered new challenges that hinder the integration of these practices. The insights derived from this research capture practitioners' perspectives on product security, enabling organizations to address security concerns proactively and devise effective strategies to protect their software products during the development process.