Software development is a complex process requiring aspects of social, cognitive, and technical skills. Software engineers face high levels of uncertainty and risk during functional and security decision making. This preregistered study investigates behavioural measures of cognitive reflection, risk aversion, and optimism bias among professional freelance software developers and computer science students, to expose relationships between uncertainty-associated language and risk sensitivity. We employ content analysis with a mixed-effect model to understand how psychological dimensions influence risk sensitivity in secure software development. We show an interaction between cognitive reflection and optimism bias in the proportion of uncertainty-related language used. Overly optimistic outlooks combined with higher cognitive reflection drive up expressions of uncertainty, while pessimistic or realistic individuals reduce uncertainty as cognitive reflection increases. Software engineers who hold average or pessimistic views on the security of their code are more likely to speak more intuitively about security and risk. We discuss the potential for psychological interventions to promote more secure coding behaviours in software engineers. By increasing potential risk awareness, they may consider risk in software more carefully, which may lead to better security implementation in their code.
We apply a social and cognitive psychological approach to better understand software developers’ perceptions of secure software development. Drawing upon psychological theories of social identity and cognitive processing, we illustrate how software developers’ self-defined social identities affect their approaches to development. We also point to behaviours that might indicate areas of increased risk of project delays or failure. Professional freelance software developers together with current computer science students addressed considerations of risk and security during development. A thematic analysis extracted three core themes of responsibility, risk, and optimism. We show how language used about responsibility for code security is framed through concepts of diffusion, displacement, and acceptance of responsibility. We also examine the way developers orientate to risk awareness, appetites for risk, and risk mitigation strategies. Examples of unrealistic optimism biases are highlighted and discussed. We discuss our findings in relation to psychological theories of responsibility, decision making and heuristics and biases, alongside prior work within software engineering. We conclude with a discussion of the advantages of using a psychological lens to examine the rationalisations and trade-offs made by developers when working with security in software.