Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Authors

  • Harjot Kaur
  • Sabrina Amft
  • Daniel Votipka
  • Yasemin Acar
  • Sascha Fahl

External Research Organisations

  • CISPA Helmholtz Center for Information Security
  • Tufts University
  • George Washington University
  • Max Planck Institute for Security and Privacy
View graph of relations

Details

Original languageEnglish
Title of host publicationProceedings of the 31st USENIX Security Symposium, Security 2022
Pages4041-4058
Number of pages18
ISBN (electronic)9781939133311
Publication statusPublished - 2022
Event31st USENIX Security Symposium, Security 2022 - Boston, United States
Duration: 10 Aug 202212 Aug 2022

Publication series

NameProceedings of the 31st USENIX Security Symposium, Security 2022

Abstract

Studying developers is an important aspect of usable security and privacy research. In particular, studying security development challenges such as the usability of security APIs, the secure use of information sources during development or the effectiveness of IDE security plugins raised interest in recent years. However, recruiting skilled participants with software development experience is particularly challenging, and it is often not clear what security researchers can expect from certain participant samples, which can make research results hard to compare and interpret. Hence, in this work, we study for the first time opportunities and challenges of different platforms to recruit participants with software development experience for security development studies. First, we identify popular recruitment platforms in 59 papers. Then, we conduct a comparative online study with 706 participants based on self-reported software development experience across six recruitment platforms. Using an online questionnaire, we investigate participants' programming and security experiences, skills and knowledge. We find that participants across all samples report rich general software development and security experience, skills, and knowledge. Based on our results, we recommend developer recruitment from Upwork for practical coding studies and Amazon MTurk along with a pre-screening survey to reduce additional noise for larger studies. Both of these, along with Freelancer, are also recommended for security studies. We conclude the paper by discussing the impact of our results on future security development studies.

ASJC Scopus subject areas

Cite this

Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples. / Kaur, Harjot; Amft, Sabrina; Votipka, Daniel et al.
Proceedings of the 31st USENIX Security Symposium, Security 2022. 2022. p. 4041-4058 (Proceedings of the 31st USENIX Security Symposium, Security 2022).

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Kaur, H, Amft, S, Votipka, D, Acar, Y & Fahl, S 2022, Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples. in Proceedings of the 31st USENIX Security Symposium, Security 2022. Proceedings of the 31st USENIX Security Symposium, Security 2022, pp. 4041-4058, 31st USENIX Security Symposium, Security 2022, Boston, United States, 10 Aug 2022.
Kaur, H., Amft, S., Votipka, D., Acar, Y., & Fahl, S. (2022). Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples. In Proceedings of the 31st USENIX Security Symposium, Security 2022 (pp. 4041-4058). (Proceedings of the 31st USENIX Security Symposium, Security 2022).
Kaur H, Amft S, Votipka D, Acar Y, Fahl S. Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples. In Proceedings of the 31st USENIX Security Symposium, Security 2022. 2022. p. 4041-4058. (Proceedings of the 31st USENIX Security Symposium, Security 2022).
Kaur, Harjot ; Amft, Sabrina ; Votipka, Daniel et al. / Where to Recruit for Security Development Studies : Comparing Six Software Developer Samples. Proceedings of the 31st USENIX Security Symposium, Security 2022. 2022. pp. 4041-4058 (Proceedings of the 31st USENIX Security Symposium, Security 2022).
Download
@inproceedings{0065c4390e67486fbb7bbef9b5e7cdbc,
title = "Where to Recruit for Security Development Studies: Comparing Six Software Developer Samples",
abstract = "Studying developers is an important aspect of usable security and privacy research. In particular, studying security development challenges such as the usability of security APIs, the secure use of information sources during development or the effectiveness of IDE security plugins raised interest in recent years. However, recruiting skilled participants with software development experience is particularly challenging, and it is often not clear what security researchers can expect from certain participant samples, which can make research results hard to compare and interpret. Hence, in this work, we study for the first time opportunities and challenges of different platforms to recruit participants with software development experience for security development studies. First, we identify popular recruitment platforms in 59 papers. Then, we conduct a comparative online study with 706 participants based on self-reported software development experience across six recruitment platforms. Using an online questionnaire, we investigate participants' programming and security experiences, skills and knowledge. We find that participants across all samples report rich general software development and security experience, skills, and knowledge. Based on our results, we recommend developer recruitment from Upwork for practical coding studies and Amazon MTurk along with a pre-screening survey to reduce additional noise for larger studies. Both of these, along with Freelancer, are also recommended for security studies. We conclude the paper by discussing the impact of our results on future security development studies.",
author = "Harjot Kaur and Sabrina Amft and Daniel Votipka and Yasemin Acar and Sascha Fahl",
year = "2022",
language = "English",
series = "Proceedings of the 31st USENIX Security Symposium, Security 2022",
pages = "4041--4058",
booktitle = "Proceedings of the 31st USENIX Security Symposium, Security 2022",
note = "31st USENIX Security Symposium, Security 2022 ; Conference date: 10-08-2022 Through 12-08-2022",

}

Download

TY - GEN

T1 - Where to Recruit for Security Development Studies

T2 - 31st USENIX Security Symposium, Security 2022

AU - Kaur, Harjot

AU - Amft, Sabrina

AU - Votipka, Daniel

AU - Acar, Yasemin

AU - Fahl, Sascha

PY - 2022

Y1 - 2022

N2 - Studying developers is an important aspect of usable security and privacy research. In particular, studying security development challenges such as the usability of security APIs, the secure use of information sources during development or the effectiveness of IDE security plugins raised interest in recent years. However, recruiting skilled participants with software development experience is particularly challenging, and it is often not clear what security researchers can expect from certain participant samples, which can make research results hard to compare and interpret. Hence, in this work, we study for the first time opportunities and challenges of different platforms to recruit participants with software development experience for security development studies. First, we identify popular recruitment platforms in 59 papers. Then, we conduct a comparative online study with 706 participants based on self-reported software development experience across six recruitment platforms. Using an online questionnaire, we investigate participants' programming and security experiences, skills and knowledge. We find that participants across all samples report rich general software development and security experience, skills, and knowledge. Based on our results, we recommend developer recruitment from Upwork for practical coding studies and Amazon MTurk along with a pre-screening survey to reduce additional noise for larger studies. Both of these, along with Freelancer, are also recommended for security studies. We conclude the paper by discussing the impact of our results on future security development studies.

AB - Studying developers is an important aspect of usable security and privacy research. In particular, studying security development challenges such as the usability of security APIs, the secure use of information sources during development or the effectiveness of IDE security plugins raised interest in recent years. However, recruiting skilled participants with software development experience is particularly challenging, and it is often not clear what security researchers can expect from certain participant samples, which can make research results hard to compare and interpret. Hence, in this work, we study for the first time opportunities and challenges of different platforms to recruit participants with software development experience for security development studies. First, we identify popular recruitment platforms in 59 papers. Then, we conduct a comparative online study with 706 participants based on self-reported software development experience across six recruitment platforms. Using an online questionnaire, we investigate participants' programming and security experiences, skills and knowledge. We find that participants across all samples report rich general software development and security experience, skills, and knowledge. Based on our results, we recommend developer recruitment from Upwork for practical coding studies and Amazon MTurk along with a pre-screening survey to reduce additional noise for larger studies. Both of these, along with Freelancer, are also recommended for security studies. We conclude the paper by discussing the impact of our results on future security development studies.

UR - http://www.scopus.com/inward/record.url?scp=85138472262&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85138472262

T3 - Proceedings of the 31st USENIX Security Symposium, Security 2022

SP - 4041

EP - 4058

BT - Proceedings of the 31st USENIX Security Symposium, Security 2022

Y2 - 10 August 2022 through 12 August 2022

ER -