Security and Privacy as Hygiene Factors of Developer Behavior in Small and Agile Teams

Loser, Kai-Uwe; Degeling, Martin

doi:10.1007/978-3-662-44208-1_21

Cited by 15 publications

(8 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When the decision is in the hands of developers and made in early stages of the development process, our results show that ease of integration and familiarity with solutions are the driving factors for adoption. This does not necessarily mean that developers do not care about privacy, but it is simply not an important concern given deadlines and limited resources in small teams [39]. While at the beginning of development it is often unclear what user data the final (web) application will need [3], this does not preclude the involvement of privacy considerations from the beginning.…”

Section: Promoting Privacy Engineeringmentioning

confidence: 99%

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

Utz¹,

Amft²,

Degeling³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Modern websites frequently use and embed third-party services to facilitate web development, connect to social media, or for monetization. This often introduces privacy issues as the inclusion of third-party services on a website can allow the third party to collect personal data about the website's visitors. While the prevalence and mechanisms of third-party web tracking have been widely studied, little is known about the decision processes that lead to websites using third-party functionality and whether efforts are being made to protect their visitors' privacy.We report results from an online survey with 395 participants involved in the creation and maintenance of websites. For ten common website functionalities we investigated if privacy has played a role in decisions about how the functionality is integrated, if specific efforts for privacy protection have been made during integration, and to what degree people are aware of data collection through third parties. We find that ease of integration drives third-party adoption but visitor privacy is considered if there are legal requirements or respective guidelines. Awareness of data collection and privacy risks is higher if the collection is directly associated with the purpose for which the third-party service is used.

show abstract

Section: Promoting Privacy Engineeringmentioning

confidence: 99%

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

Utz¹,

Amft²,

Degeling³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…In HCI, hygiene factors have sometimes been associated with requirements around security and privacy -offering little in the way of user satisfaction, but providing a robust and reliable design [Loser and Degeling 2014], whilst motivating factors have been associated with systems that 'add worth' either individually or collectively [Cockton 2006;van Biljon et al 2008].…”

Section: Resultsmentioning

confidence: 99%

An Inclusive, Value Sensitive Design Perspective on Future Identity Technologies

Briggs

Thomas

2015

ACM Trans. Comput.-Hum. Interact.

View full text Add to dashboard Cite

Identity technologies constitute one of the fastest growing areas for research and development, driven by both commercial and administrative imperatives. Crucially, they constitute the means by which we include or exclude individuals and groups in terms of access to goods, services or information-yet few developments in this space embrace an inclusive or value sensitive design philosophy. We describe a rigorous exercise in which we source scenarios that capture new research in the identity space and use these as probes in an inclusive design process. Workshops were held with 6 marginalized community groups: young people, older adults, refugees, black minority ethnic [BME] women, people with disabilities, and mental health service users. Our findings echo Herzberg's two-factor theory in that we are able to identify a set of relatively common values around sources of potential dissatisfaction [hygiene factors] as well as a set of motivators that are differentially valued across communities.

show abstract

“…It provides app developers' prioritization choices (via card-sort or selection tasks) of different options impacting software security for six tasks and the rationales for the choices they make. Included are (1) setting up an IDE by choosing functionality; (2) fixing source-code by deciding what flaws to fix first; (3) deciding where to seek help using an API; (4) deciding whom to involve as testers; (5) what to consider when selecting an advertisement SDK; and (6) what clauses to favor for a software license agreement. The participants were not primed for security and hence were not aware that different options may differently impact software security.…”

Section: Methodsmentioning

confidence: 99%

“…Th.3: Being on your own or in a team: Being part of a team may provide more structure which in turn leads to more secure practices and reasoning-simply because there are systems in place such as code review. This, of course, does not necessarily push developers to consider security more explicitly, as they might simply consider it someone else's responsibility [5], but demonstrates that our participants at least orientate to the potential scrutiny of others. Looking at rationale of some of the insecure choices by developers who prioritize security a priori we see developers may shift from secure choices to insecure choices if they do not consider themselves part of the team any more: "If it was a side project, chances are I would be publishing it as-is, to be as useful as possible immediately, offering it without any guarantees" (P4) and "Seems like a right approach for new personal project" (P9).…”

Section: Prioritizing Security From the Start (Or Not)mentioning

confidence: 97%

Security but not for security's sake

Rauf

Linden

Levine

et al. 2020

Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops

View full text Add to dashboard Cite

We explore a dataset of app developer reasoning to better understand the reasons that may inadvertently promote or demote app developers' prioritization of security. We identify a number of reasons: caring vs. fear of users, the impact of norms, and notions of 'otherness' and 'self' in terms of belonging to groups. Based on our preliminary findings, we propose an interdisciplinary research agenda to explore the impact of social identity (a psychological theory) on developers' security rationales, and how this could be leveraged to guide developers towards making more secure choices. CCS CONCEPTS• Security and privacy → Social aspects of security and privacy.

show abstract

Security and Privacy as Hygiene Factors of Developer Behavior in Small and Agile Teams

Cited by 15 publications

References 12 publications

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

An Inclusive, Value Sensitive Design Perspective on Future Identity Technologies

Security but not for security's sake

Contact Info

Product

Resources

About