Home > Research > Publications & Outputs > Influences of developers' perspectives on their...

Research

Associated organisational units

Electronic data

  • Influences of developers' perspectives on their engagement with security in code[20]

    Rights statement: © ACM, 2022. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CHASE 2022 http://doi.acm.org/10.1145/3528579.3529180

    Accepted author manuscript, 1.14 MB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

Links

Text available via DOI:

View graph of relations

Influences of developers' perspectives on their engagement with security in code

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
  • Irum Rauf
  • Tamara Lopez
  • Helen Sharp
  • Marian Petre
  • Thein T. Tun
  • Mark Levine
  • John Towse
  • Dirk van der Linden
  • Awais Rashid
  • Bashar Nuseibeh
Close
More...
Publication date19/07/2022
Host publicationCHASE '22: Proceedings of the 15th International Conference on Cooperative and Human Aspects of Software Engineering
Place of PublicationNew York
PublisherAssociation for Computing Machinery, Inc
Pages86-95
Number of pages10
ISBN (electronic)9781450393423
<mark>Original language</mark>English

Publication series

NameProceedings - 15th International Conference on Cooperative and Human Aspects of Software Engineering, CHASE 2022

Abstract

Background: Recent studies show that secure coding is about not only technical requirements but also developers’ behaviour.
Objective: To understand the influence of socio-technical contexts on how developers attend to and engage with security in code, software engineering researchers collaborated with social psychologists on a psychologically-informed study.
Method: In a preregistered, between-group, controlled experiment, 124 developers from multiple freelance communities, were primed toward one of three identities, following which they completed code review tasks with open-ended responses. Qualitative analysis of the rich data focused on the attitudes and reasoning that shaped their identification of security issues within code.
Results: Overall, attention to code security was intermittent and heterogeneous in focus. Although social identity priming did not significantly change the code review, qualitative analysis revealed that developers varied in how they noticed issues in code, how they addressed them, and how they justified their choices.
Conclusion: We found that many developers do think about security – but differently from one another. Hence, effective interventions to promote secure coding must be appropriate to the individual development context. Data is uploaded at: https://osf.io/3jvrk/files/

Bibliographic note

© ACM, 2022. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CHASE 2022 http://doi.acm.org/10.1145/3528579.3529180