Bridging the Security Gap in SDLC: Challenges and Solutions for Local IT Firms in Bangladesh

Department of Computer Science and Engineering, Independent University Bangladesh, Plot 16, Block B, Aftabuddin Ahmed Road. Bashundhara Residential Area, Dhaka, Bangladesh

^* Corresponding author: mahady@iub.edu.bd

Published online: 18 June 2025

Abstract

Local IT companies in Bangladesh struggle to incorporate security measures throughout their software development processes. We surveyed 15 tech professionals from 14 different Bangladeshi firms—ranging from top executives to entry-level programmers—to understand their security challenges. Their responses revealed ongoing problems with SQL attacks, authentication weaknesses, and risks from external code libraries. Looking deeper it was found that many professionals know about security best practices; however, they rarely implement them effectively. Many companies seem to be merely checking compliance boxes rather than building genuinely secure systems. Current approaches rely heavily on traditional methods like code reviews and penetration testing, with newer techniques largely absent. To address these shortcomings, we suggest several budget-friendly approaches: using free automated testing tools, building security checks into development workflows, implementing no-cost multi-factor authentication, creating in-house security training programs, working with government agencies to develop better policies, and leveraging affordable cloud security options. Our findings offer practical guidance for Bangladeshi software companies looking to enhance security without breaking the bank.