You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users

Yasemin Acar, Sascha Fahl, and Michelle L. Mazurek
IEEE Cybersecurity Development, SecDev 2016, Boston, MA, USA, November 3-4, 2016

Abstract

While researchers have developed many tools, techniques, and protocols for improving software security, exploits and breaches are only becoming more frequent. Some of this gap between theoretical security and actual vulnerability can be explained by insufficient consideration of human factors, broadly termed usability, when developing these mechanisms. In particular, security mechanisms may be difficult to use, may conflict with other priorities, or may assume more security knowledge than users possess. For almost 20 years, the usable security community has investigated how to improve the usability of security tools and interfaces aimed at end users. More recently, the community has begun to apply similar techniques in the context of improving security tools - such as APIs and bug-finding software - aimed not at end users but at developers, whose security errors are magnified across all users of their products. In this paper, we review key lessons learned from usable security for end users and consider how to apply them in the context of developers. We propose a research agenda aimed at developing a high-quality, comprehensive literature for usable security for developers, including: investigating how to conduct reliable research in this context, understanding developers’ attitudes, knowledge, and priorities, measuring the status quo, and developing improved tools and interventions in the future.

Reference

@inproceedings{DBLP:conf/secdev/AcarFM16,
  author    = {Yasemin Acar and Sascha Fahl and Michelle L. Mazurek},
  title     = {You are Not Your Developer, Either: A Research Agenda for Usable Security and Privacy Research Beyond End Users},
  booktitle = {IEEE Cybersecurity Development, SecDev 2016, Boston, MA, USA, November 3-4, 2016},
  pages     = {3--8},
  month     = {Nov},
  year      = {2016},
  doi       = {10.1109/SecDev.2016.013},
  url       = {https://doi.org/10.1109/SecDev.2016.013},
  biburl    = {https://dblp.org/rec/bib/conf/secdev/AcarFM16},
  bibsource = {dblp computer science bibliography, https://dblp.org}
}