Security Developer Studies with GitHub Users: Exploring a Convenience Sample

Yasemin Acar, Christian Stransky, Dominik Wermke, Michelle L. Mazurek, and Sascha Fahl
Thirteenth Symposium on Usable Privacy and Security, SOUPS 2017, Santa Clara, CA, USA, July 12-14, 2017
PDF Abstract Bibtex URL

Abstract

The usable security community is increasingly considering how to improve security decision-making not only for end users, but also for information technology professionals, including system administrators and software developers. Recruiting these professionals for user studies can prove challenging, as, relative to end users more generally, they are limited in numbers, geographically concentrated, and accustomed to higher compensation. One potential approach is to recruit active GitHub users, who are (in some ways) conveniently available for online studies. However, it is not well understood how GitHub users perform when working on security-related tasks.

As a first step in addressing this question, we conducted an experiment in which we recruited 307 active GitHub users to each complete the same security-relevant programming tasks. We compared the results in terms of functional correctness as well as security, finding differences in performance for both security and functionality related to the participant’s self-reported years of experience, but no statistically significant differences related to the participant’s self-reported status as a student, status as a professional developer, or security background.

These results provide initial evidence for how to think about validity when recruiting convenience samples as substitutes for professional developers in security developer studies.

Reference

@inproceedings{DBLP:conf/soups/AcarSWMF17,
 author = {Yasemin Acar and
Christian Stransky and
Dominik Wermke and
Michelle L. Mazurek and
Sascha Fahl},
 bibsource = {dblp computer science bibliography, https://dblp.org},
 biburl = {https://dblp.org/rec/bib/conf/soups/AcarSWMF17},
 booktitle = {Thirteenth Symposium on Usable Privacy and Security, SOUPS 2017,
Santa Clara, CA, USA, July 12-14, 2017},
 month = {Jul},
 pages = {81--95},
 title = {Security Developer Studies with GitHub Users: Exploring a Convenience
Sample},
 url = {https://www.usenix.org/conference/soups2017/technical-sessions/presentation/acar},
 year = {2017}
}