Details
Originalsprache | Englisch |
---|---|
Titel des Sammelwerks | Proceedings |
Untertitel | 43rd IEEE Symposium on Security and Privacy, SP 2022 |
Herausgeber (Verlag) | Institute of Electrical and Electronics Engineers Inc. |
Seiten | 893-910 |
Seitenumfang | 18 |
ISBN (elektronisch) | 9781665413169 |
ISBN (Print) | 978-1-6654-1317-6 |
Publikationsstatus | Veröffentlicht - 2022 |
Veranstaltung | 43rd IEEE Symposium on Security and Privacy, SP 2022 - San Francisco, USA / Vereinigte Staaten Dauer: 23 Mai 2022 → 26 Mai 2022 |
Publikationsreihe
Name | Proceedings - IEEE Symposium on Security and Privacy |
---|---|
Band | 2022-May |
ISSN (Print) | 1081-6011 |
ISSN (elektronisch) | 2375-1207 |
Abstract
ASJC Scopus Sachgebiete
- Ingenieurwesen (insg.)
- Sicherheit, Risiko, Zuverlässigkeit und Qualität
- Informatik (insg.)
- Software
- Informatik (insg.)
- Computernetzwerke und -kommunikation
Zitieren
- Standard
- Harvard
- Apa
- Vancouver
- BibTex
- RIS
Proceedings: 43rd IEEE Symposium on Security and Privacy, SP 2022. Institute of Electrical and Electronics Engineers Inc., 2022. S. 893-910 (Proceedings - IEEE Symposium on Security and Privacy; Band 2022-May).
Publikation: Beitrag in Buch/Bericht/Sammelwerk/Konferenzband › Aufsatz in Konferenzband › Forschung › Peer-Review
}
TY - GEN
T1 - How Does Usable Security (Not) End Up in Software Products?
T2 - 43rd IEEE Symposium on Security and Privacy, SP 2022
AU - Gutfleisch, Marco
AU - Klemmer, Jan H.
AU - Busch, Niklas
AU - Acar, Yasemin
AU - Sasse, M. Angela
AU - Fahl, Sascha
N1 - Funding Information: This research was partially funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy – EXC 2092 CASA – 390781972. We would like to thank the anonymous reviewers for their valuable feedback and for helping us to improve this paper. Furthermore, we want to thank all interviewees for supporting our research.
PY - 2022
Y1 - 2022
N2 - For software to be secure in practice, users need to be willing and able to appropriately use security features. These features are usually implemented by software professionals during the software development process (SDP), who may be unable to consider the usability of these mechanisms. While research has made progress in supporting developers in creating secure software products, very little attention has been paid to whether and how these security features are made usable. In a semi-structured interview study with 25 software professionals (software developers, designers, architects), we explored how they and other decision-makers encounter and deal with security and usability during the software development process in their companies. Based on 37 hours of interview recordings, we qualitatively analyzed and investigated 23 distinct development contexts in detail. In addition to individual awareness and factors that directly influence the implementation phase, we identify a high impact of contextual factors, such as stakeholder pressure, presence of expertise, and collaboration culture, and the specific implementation of the SDP on usable security in software products. We conclude our work by highlighting important gaps, such as studying and improving contextual factors that contribute to usable security and discussing potential improvements of the status quo.
AB - For software to be secure in practice, users need to be willing and able to appropriately use security features. These features are usually implemented by software professionals during the software development process (SDP), who may be unable to consider the usability of these mechanisms. While research has made progress in supporting developers in creating secure software products, very little attention has been paid to whether and how these security features are made usable. In a semi-structured interview study with 25 software professionals (software developers, designers, architects), we explored how they and other decision-makers encounter and deal with security and usability during the software development process in their companies. Based on 37 hours of interview recordings, we qualitatively analyzed and investigated 23 distinct development contexts in detail. In addition to individual awareness and factors that directly influence the implementation phase, we identify a high impact of contextual factors, such as stakeholder pressure, presence of expertise, and collaboration culture, and the specific implementation of the SDP on usable security in software products. We conclude our work by highlighting important gaps, such as studying and improving contextual factors that contribute to usable security and discussing potential improvements of the status quo.
KW - usable-security,-usability,-security,-software-development-process,-software-engineering,-interview-study
UR - http://www.scopus.com/inward/record.url?scp=85135922305&partnerID=8YFLogxK
U2 - 10.1109/SP46214.2022.9833756
DO - 10.1109/SP46214.2022.9833756
M3 - Conference contribution
AN - SCOPUS:85135922305
SN - 978-1-6654-1317-6
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 893
EP - 910
BT - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 23 May 2022 through 26 May 2022
ER -