Community security champions: Studying the most influential users on Security Stack~Exchange

Partha Das Chowdhury; Mohammad Tahaei; Matthew  Edwards; Claudia Peersman; Lata Nautiyal; Marvin Ramokapane; Awais Rashid

doi:10.1109/SecDev61143.2024.00015

Community security champions: Studying the most influential users on Security Stack~Exchange

Partha Das Chowdhury, Mohammad Tahaei, Matthew Edwards, Claudia Peersman, Lata Nautiyal, Marvin Ramokapane, Awais Rashid

School of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

96 Downloads (Pure)

Abstract

Online information sources have a considerable influence on the security of applications developed. Prior research has shown that insecure code snippets and security advice is pervasive in popular information sources. DCS as a field has suggested interventions with respect to the usage of such information sources. We argue that such interventions are based only on the study of the demand side, where as interventions to be effective in any production environment needs to be situated on a comprehensive understanding of both demand side & supply side. We study the supply side of a popular source for security knowledge -- Security Stack~Exchange. Our findings reveal that the manner in which the forum identifies its top answerers is inadequate. We find 424 additional answerers whose engagement and topic interests are similar to the ranked top answerers. We term the collective of these power users irrespective of their reputation as CSCs. The significance of this work lie in equipping the community with the information on where to intervene and how to intervene. Our work can serve as a methodological foundation to study network characteristics which is critical for improved user experience and to keep information networks relevant.

Original language	English
Title of host publication	2024 IEEE Secure Development Conference (SecDev)
Publisher	IEEE Computer Society
Pages	93-104
Number of pages	12
ISBN (Electronic)	9798350391930
ISBN (Print)	9798350391947
DOIs	https://doi.org/10.1109/SecDev61143.2024.00015
Publication status	Published - 30 Oct 2024
Event	IEEE Secure Development Conference - Carnegie Mellon University Software Engineering Institute, Pittsburgh, United States Duration: 7 Oct 2024 → 9 Oct 2024 https://secdev.ieee.org/2024/home

Conference

Conference	IEEE Secure Development Conference
Abbreviated title	IEEE SecDev 2024
Country/Territory	United States
City	Pittsburgh
Period	7/10/24 → 9/10/24
Internet address	https://secdev.ieee.org/2024/home

Bibliographical note

Publisher Copyright:
© 2024 IEEE.

Research Groups and Themes

Cyber Security

Access to Document

10.1109/SecDev61143.2024.00015Licence: Unspecified

Full-text PDF (accepted manuscript)
This is the accepted author manuscript (AAM) of the article which has been made Open Access under the University of Bristol's Scholarly Works Policy. The final published version (Version of Record) can be found on the publisher's website. The copyright of any third-party content, such as images, remains with the copyright holder.
Accepted author manuscript, 1.47 MBLicence: CC BY

Handle.net

Persistent link

Cite this

@inproceedings{104b8c69bea04d86aacd3e6a211945bb,

title = "Community security champions: Studying the most influential users on Security Stack\textasciitilde{}Exchange",

abstract = "Online information sources have a considerable influence on the security of applications developed. Prior research has shown that insecure code snippets and security advice is pervasive in popular information sources. DCS as a field has suggested interventions with respect to the usage of such information sources. We argue that such interventions are based only on the study of the demand side, where as interventions to be effective in any production environment needs to be situated on a comprehensive understanding of both demand side \& supply side. We study the supply side of a popular source for security knowledge -- Security Stack\textasciitilde{}Exchange. Our findings reveal that the manner in which the forum identifies its top answerers is inadequate. We find 424 additional answerers whose engagement and topic interests are similar to the ranked top answerers. We term the collective of these power users irrespective of their reputation as CSCs. The significance of this work lie in equipping the community with the information on where to intervene and how to intervene. Our work can serve as a methodological foundation to study network characteristics which is critical for improved user experience and to keep information networks relevant.",

author = "\{Das Chowdhury\}, Partha and Mohammad Tahaei and Matthew Edwards and Claudia Peersman and Lata Nautiyal and Marvin Ramokapane and Awais Rashid",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; IEEE Secure Development Conference, IEEE SecDev 2024 ; Conference date: 07-10-2024 Through 09-10-2024",

year = "2024",

month = oct,

day = "30",

doi = "10.1109/SecDev61143.2024.00015",

language = "English",

isbn = "9798350391947",

pages = "93--104",

booktitle = "2024 IEEE Secure Development Conference (SecDev)",

publisher = "IEEE Computer Society",

address = "United States",

url = "https://secdev.ieee.org/2024/home",

}

Das Chowdhury, P, Tahaei, M, Edwards, M , Peersman, C, Nautiyal, L, Ramokapane, M & Rashid, A 2024, Community security champions: Studying the most influential users on Security Stack~Exchange. in 2024 IEEE Secure Development Conference (SecDev). IEEE Computer Society, pp. 93-104, IEEE Secure Development Conference, Pittsburgh, Pennsylvania, United States, 7/10/24. https://doi.org/10.1109/SecDev61143.2024.00015

TY - GEN

T1 - Community security champions

T2 - IEEE Secure Development Conference

AU - Das Chowdhury, Partha

AU - Tahaei, Mohammad

AU - Edwards, Matthew

AU - Peersman, Claudia

AU - Nautiyal, Lata

AU - Ramokapane, Marvin

AU - Rashid, Awais

PY - 2024/10/30

Y1 - 2024/10/30

N2 - Online information sources have a considerable influence on the security of applications developed. Prior research has shown that insecure code snippets and security advice is pervasive in popular information sources. DCS as a field has suggested interventions with respect to the usage of such information sources. We argue that such interventions are based only on the study of the demand side, where as interventions to be effective in any production environment needs to be situated on a comprehensive understanding of both demand side & supply side. We study the supply side of a popular source for security knowledge -- Security Stack~Exchange. Our findings reveal that the manner in which the forum identifies its top answerers is inadequate. We find 424 additional answerers whose engagement and topic interests are similar to the ranked top answerers. We term the collective of these power users irrespective of their reputation as CSCs. The significance of this work lie in equipping the community with the information on where to intervene and how to intervene. Our work can serve as a methodological foundation to study network characteristics which is critical for improved user experience and to keep information networks relevant.

AB - Online information sources have a considerable influence on the security of applications developed. Prior research has shown that insecure code snippets and security advice is pervasive in popular information sources. DCS as a field has suggested interventions with respect to the usage of such information sources. We argue that such interventions are based only on the study of the demand side, where as interventions to be effective in any production environment needs to be situated on a comprehensive understanding of both demand side & supply side. We study the supply side of a popular source for security knowledge -- Security Stack~Exchange. Our findings reveal that the manner in which the forum identifies its top answerers is inadequate. We find 424 additional answerers whose engagement and topic interests are similar to the ranked top answerers. We term the collective of these power users irrespective of their reputation as CSCs. The significance of this work lie in equipping the community with the information on where to intervene and how to intervene. Our work can serve as a methodological foundation to study network characteristics which is critical for improved user experience and to keep information networks relevant.

UR - https://secdev.ieee.org/2024/home

U2 - 10.1109/SecDev61143.2024.00015

DO - 10.1109/SecDev61143.2024.00015

M3 - Conference Contribution (Conference Proceeding)

SN - 9798350391947

SP - 93

EP - 104

BT - 2024 IEEE Secure Development Conference (SecDev)

PB - IEEE Computer Society

Y2 - 7 October 2024 through 9 October 2024

ER -

Community security champions: Studying the most influential users on Security Stack~Exchange

Abstract

Conference

Bibliographical note

Research Groups and Themes

Access to Document

Handle.net

Other files and links

Fingerprint

Cite this