How to Conduct Security Studies with Software Developers

Abstract

As our everyday life depends on software and its security, studies with software developers become ever more important. Motivated by multiple security breaches caused by issues during software development, more studies with software developers have to be conducted to investigate and help software developers create and test secure software. Thus, the design of security studies with software developers is a crucial task for researchers in Human Computer Interaction (HCI). While ample research has been conducted with end-users, there has been less investigation involving software developers. As with to end-user studies, different methods can be used to conduct studies with software developers, and the design decisions need to be made carefully and rationally. Since recruiting developers as study participants is difficult and costly, the decisions referring to study design have an increased value in the research process. Therefore, it is important to consider different methods before deciding on any one of them. In order to gain more insights into methodological design decisions, this thesis considers different approaches that have been used to conduct security studies with software developers. Five developer studies in different fields are conducted to investigate their methodological and usability- related implications. The findings of each study are analyzed at the primary level as well as a meta-level. While the primary level deals with the implications for that specific security topic, the meta level deals with methodological insights and findings. Based on these results, recommendations are offered on how to conduct security studies with software developers.