Developers turn to Stack Overflow and other on-line sources to find solutions to security problems, but little is known about how they engage with and guide one another in these environments or the perceptions of software security this may encourage. This study joins recent calls to understand more about how developers use Internet sources to solve security problems. Using qualitative methods, a set of questions within the security channel of Stack Overflow were selected and examined for themes. Preliminary findings reveal more about this community of practitioners: who are the askers and commenters, how security questions are asked and how developers frame technical information using social and experience-based perceptions of security. CCS CONCEPTS • Security and privacy → Software security engineering; • Software and its engineering → Collaboration in software development; KEYWORDS secure software development, collaborative environments, empirical studies 1 INTRODUCTION Many real-world security vulnerabilities in software relate to a few known classes of attack such as code injection. A number of practices and technologies for detecting and preventing vulnerabilities in software are likewise established, such as input sanitisation and non-escaping strings. However, it is not clear why many professional software developers do not adopt these practices and technologies as a matter of course. Security is, in part, a social phenomenon. Peer interaction, experience of security failures, and an awareness about the impact of security failures on people's well-being influence the decisions individuals make about whether or not to be secure in their personal lives [10] and on the job [17]. Social interaction is also key to developers' motivation to work; characteristics of the feedback received Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).