Details
| Original language | English |
|---|---|
| Title of host publication | CHI 2020 - Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems |
| Publisher | Association for Computing Machinery (ACM) |
| Number of pages | 13 |
| ISBN (electronic) | 9781450367080 |
| Publication status | Published - 21 Apr 2020 |
| Event | 2020 ACM CHI Conference on Human Factors in Computing Systems, CHI 2020 - Honolulu, United States Duration: 25 Apr 2020 → 30 Apr 2020 |
Publication series
| Name | Conference on Human Factors in Computing Systems - Proceedings |
|---|
Abstract
The positive effect of security information communicated to developers through API warnings has been established. However, current prototypical designs are based on security warnings for end-users. To improve security feedback for developers, we conducted a participatory design study with 25 professional software developers in focus groups. We identify which security information is considered helpful in avoiding insecure cryptographic API use during development. Concerning console messages, participants suggested five core elements, namely message classification, title message, code location, link to detailed external resources, and color. Design guidelines for end-user warnings are only partially suitable in this context. Participants emphasized the importance of tailoring the detail and content of security information to the context. Console warnings call for concise communication; further information needs to be linked externally. Therefore, security feedback should transcend tools and should be adjustable by software developers across development tools, considering the work context and developer needs.
Keywords
- cryptographic apis, developer console, focus groups, participatory design, security warning design, software development
ASJC Scopus subject areas
- Computer Science(all)
- Computer Graphics and Computer-Aided Design
- Computer Science(all)
- Human-Computer Interaction
- Computer Science(all)
- Software
Cite this
- Standard
- Harvard
- Apa
- Vancouver
- BibTeX
- RIS
CHI 2020 - Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery (ACM), 2020. 3376142 (Conference on Human Factors in Computing Systems - Proceedings).
Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review
}
TY - GEN
T1 - Listen to Developers!
T2 - 2020 ACM CHI Conference on Human Factors in Computing Systems, CHI 2020
AU - Gorski, Peter Leo
AU - Acar, Yasemin
AU - Lo Iacono, Luigi
AU - Fahl, Sascha
N1 - Funding Information: The authors would like to thank the anonymous reviewers and shepherd for providing valuable feedback; and all participants of this study for their generous voluntary participation. This work was partially funded by the German Federal Ministry of Education and Research within the funding program "Forschung an Fachhochschulen" (contract no. 13FH016IX6).
PY - 2020/4/21
Y1 - 2020/4/21
N2 - The positive effect of security information communicated to developers through API warnings has been established. However, current prototypical designs are based on security warnings for end-users. To improve security feedback for developers, we conducted a participatory design study with 25 professional software developers in focus groups. We identify which security information is considered helpful in avoiding insecure cryptographic API use during development. Concerning console messages, participants suggested five core elements, namely message classification, title message, code location, link to detailed external resources, and color. Design guidelines for end-user warnings are only partially suitable in this context. Participants emphasized the importance of tailoring the detail and content of security information to the context. Console warnings call for concise communication; further information needs to be linked externally. Therefore, security feedback should transcend tools and should be adjustable by software developers across development tools, considering the work context and developer needs.
AB - The positive effect of security information communicated to developers through API warnings has been established. However, current prototypical designs are based on security warnings for end-users. To improve security feedback for developers, we conducted a participatory design study with 25 professional software developers in focus groups. We identify which security information is considered helpful in avoiding insecure cryptographic API use during development. Concerning console messages, participants suggested five core elements, namely message classification, title message, code location, link to detailed external resources, and color. Design guidelines for end-user warnings are only partially suitable in this context. Participants emphasized the importance of tailoring the detail and content of security information to the context. Console warnings call for concise communication; further information needs to be linked externally. Therefore, security feedback should transcend tools and should be adjustable by software developers across development tools, considering the work context and developer needs.
KW - cryptographic apis
KW - developer console
KW - focus groups
KW - participatory design
KW - security warning design
KW - software development
UR - http://www.scopus.com/inward/record.url?scp=85091317195&partnerID=8YFLogxK
U2 - 10.1145/3313831.3376142
DO - 10.1145/3313831.3376142
M3 - Conference contribution
AN - SCOPUS:85091317195
T3 - Conference on Human Factors in Computing Systems - Proceedings
BT - CHI 2020 - Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems
PB - Association for Computing Machinery (ACM)
Y2 - 25 April 2020 through 30 April 2020
ER -