Developers are Neither Enemies Nor Users: They are Collaborators

Partha Das Chowdhury; Joseph Hallett; Nikhil Patnaik; Mohammad Tahaei; Awais Rashid

doi:10.1109/SecDev51306.2021.00023

Developers are Neither Enemies Nor Users: They are Collaborators

Partha Das Chowdhury, Joseph Hallett, Nikhil Patnaik, Mohammad Tahaei, Awais Rashid

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

154 Downloads (Pure)

Abstract

Developers struggle to program securely. Prior works have reviewed the methods used to run user-studies with developers, systematized the ancestry of security API usability recommendations, and proposed research agendas to help understand developers’ knowledge, attitudes towards security and priorities. In contrast we study the research to date and abstract out categories of challenges, behaviors and interventions from the results of developer-centered studies. We analyze the abstractions and identify five misplaced beliefs or tropes about developers embedded in the core design of APIs and tools. These tropes hamper the effectiveness of interventions to help developers program securely. Increased collaboration between developers, security experts and API designers to help developers understand the security assumptions of APIs alongside creating new useful abstractions—derived from such collaborations—will lead to systems with better security.

Original language	English
Title of host publication	2021 IEEE Secure Development Conference (SecDev)
Subtitle of host publication	SecDev 2021
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	47-55
ISBN (Electronic)	9781665431705
ISBN (Print)	9781665431712
DOIs	https://doi.org/10.1109/SecDev51306.2021.00023
Publication status	Published - 23 Dec 2021
Event	IEEE Secure Development Conference 2021 - Online Duration: 18 Oct 2021 → 20 Oct 2021 https://secdev.ieee.org/2021/home/

Conference

Conference	IEEE Secure Development Conference 2021
Abbreviated title	SecDev 2021
Period	18/10/21 → 20/10/21
Internet address	https://secdev.ieee.org/2021/home/

Keywords

secure software development
interventions
challenges
beliefs

Access to Document

10.1109/SecDev51306.2021.00023Licence: Unspecified

Full-text PDF (author accepted manuscript)
This is the author accepted manuscript (AAM). The final published version (version of record) is available online via IEEE at https://ieeexplore.ieee.org/document/9652651 . Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 229 KBLicence: Unspecified

Handle.net

Persistent link

Cite this

@inproceedings{c1469ea96fd9449286b5645dab2e5a10,

title = "Developers are Neither Enemies Nor Users: They are Collaborators",

abstract = "Developers struggle to program securely. Prior works have reviewed the methods used to run user-studies with developers, systematized the ancestry of security API usability recommendations, and proposed research agendas to help understand developers{\textquoteright} knowledge, attitudes towards security and priorities. In contrast we study the research to date and abstract out categories of challenges, behaviors and interventions from the results of developer-centered studies. We analyze the abstractions and identify five misplaced beliefs or tropes about developers embedded in the core design of APIs and tools. These tropes hamper the effectiveness of interventions to help developers program securely. Increased collaboration between developers, security experts and API designers to help developers understand the security assumptions of APIs alongside creating new useful abstractions—derived from such collaborations—will lead to systems with better security.",

keywords = "secure software development, interventions, challenges, beliefs",

author = "{Das Chowdhury}, Partha and Joseph Hallett and Nikhil Patnaik and Mohammad Tahaei and Awais Rashid",

year = "2021",

month = dec,

day = "23",

doi = "10.1109/SecDev51306.2021.00023",

language = "English",

isbn = "9781665431712",

pages = "47--55",

booktitle = "2021 IEEE Secure Development Conference (SecDev)",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "IEEE Secure Development Conference 2021, SecDev 2021 ; Conference date: 18-10-2021 Through 20-10-2021",

url = "https://secdev.ieee.org/2021/home/",

}

Developers are Neither Enemies Nor Users: They are Collaborators. / Das Chowdhury, Partha ; Hallett, Joseph ; Patnaik, Nikhil et al.
2021 IEEE Secure Development Conference (SecDev): SecDev 2021. Institute of Electrical and Electronics Engineers (IEEE), 2021. p. 47-55.

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Developers are Neither Enemies Nor Users

T2 - IEEE Secure Development Conference 2021

AU - Das Chowdhury, Partha

AU - Hallett, Joseph

AU - Patnaik, Nikhil

AU - Tahaei, Mohammad

AU - Rashid, Awais

PY - 2021/12/23

Y1 - 2021/12/23

N2 - Developers struggle to program securely. Prior works have reviewed the methods used to run user-studies with developers, systematized the ancestry of security API usability recommendations, and proposed research agendas to help understand developers’ knowledge, attitudes towards security and priorities. In contrast we study the research to date and abstract out categories of challenges, behaviors and interventions from the results of developer-centered studies. We analyze the abstractions and identify five misplaced beliefs or tropes about developers embedded in the core design of APIs and tools. These tropes hamper the effectiveness of interventions to help developers program securely. Increased collaboration between developers, security experts and API designers to help developers understand the security assumptions of APIs alongside creating new useful abstractions—derived from such collaborations—will lead to systems with better security.

AB - Developers struggle to program securely. Prior works have reviewed the methods used to run user-studies with developers, systematized the ancestry of security API usability recommendations, and proposed research agendas to help understand developers’ knowledge, attitudes towards security and priorities. In contrast we study the research to date and abstract out categories of challenges, behaviors and interventions from the results of developer-centered studies. We analyze the abstractions and identify five misplaced beliefs or tropes about developers embedded in the core design of APIs and tools. These tropes hamper the effectiveness of interventions to help developers program securely. Increased collaboration between developers, security experts and API designers to help developers understand the security assumptions of APIs alongside creating new useful abstractions—derived from such collaborations—will lead to systems with better security.

KW - secure software development

KW - interventions

KW - challenges

KW - beliefs

U2 - 10.1109/SecDev51306.2021.00023

DO - 10.1109/SecDev51306.2021.00023

M3 - Conference Contribution (Conference Proceeding)

SN - 9781665431712

SP - 47

EP - 55

BT - 2021 IEEE Secure Development Conference (SecDev)

PB - Institute of Electrical and Electronics Engineers (IEEE)

Y2 - 18 October 2021 through 20 October 2021

ER -

Developers are Neither Enemies Nor Users: They are Collaborators

Abstract

Conference

Keywords

Access to Document

Handle.net

Fingerprint

Cite this