Developers are Neither Enemies Nor Users: They are Collaborators

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

6 Citations (Scopus)
269 Downloads (Pure)


Developers struggle to program securely. Prior works have reviewed the methods used to run user-studies with developers, systematized the ancestry of security API usability recommendations, and proposed research agendas to help understand developers’ knowledge, attitudes towards security and priorities. In contrast we study the research to date and abstract out categories of challenges, behaviors and interventions from the results of developer-centered studies. We analyze the abstractions and identify five misplaced beliefs or tropes about developers embedded in the core design of APIs and tools. These tropes hamper the effectiveness of interventions to help developers program securely. Increased collaboration between developers, security experts and API designers to help developers understand the security assumptions of APIs alongside creating new useful abstractions—derived from such collaborations—will lead to systems with better security.
Original languageEnglish
Title of host publication2021 IEEE Secure Development Conference (SecDev)
Subtitle of host publicationSecDev 2021
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
ISBN (Electronic)9781665431705
ISBN (Print)9781665431712
Publication statusPublished - 23 Dec 2021
EventIEEE Secure Development Conference 2021 - Online
Duration: 18 Oct 202120 Oct 2021


ConferenceIEEE Secure Development Conference 2021
Abbreviated titleSecDev 2021
Internet address


  • secure software development
  • interventions
  • challenges
  • beliefs


Dive into the research topics of 'Developers are Neither Enemies Nor Users: They are Collaborators'. Together they form a unique fingerprint.

Cite this