Developers are Neither Enemies Nor Users: They are Collaborators

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

6 Citations (Scopus)
247 Downloads (Pure)

Abstract

Developers struggle to program securely. Prior works have reviewed the methods used to run user-studies with developers, systematized the ancestry of security API usability recommendations, and proposed research agendas to help understand developers’ knowledge, attitudes towards security and priorities. In contrast we study the research to date and abstract out categories of challenges, behaviors and interventions from the results of developer-centered studies. We analyze the abstractions and identify five misplaced beliefs or tropes about developers embedded in the core design of APIs and tools. These tropes hamper the effectiveness of interventions to help developers program securely. Increased collaboration between developers, security experts and API designers to help developers understand the security assumptions of APIs alongside creating new useful abstractions—derived from such collaborations—will lead to systems with better security.
Original languageEnglish
Title of host publication2021 IEEE Secure Development Conference (SecDev)
Subtitle of host publicationSecDev 2021
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages47-55
ISBN (Electronic)9781665431705
ISBN (Print)9781665431712
DOIs
Publication statusPublished - 23 Dec 2021
EventIEEE Secure Development Conference 2021 - Online
Duration: 18 Oct 202120 Oct 2021
https://secdev.ieee.org/2021/home/

Conference

ConferenceIEEE Secure Development Conference 2021
Abbreviated titleSecDev 2021
Period18/10/2120/10/21
Internet address

Keywords

  • secure software development
  • interventions
  • challenges
  • beliefs

Fingerprint

Dive into the research topics of 'Developers are Neither Enemies Nor Users: They are Collaborators'. Together they form a unique fingerprint.

Cite this