Gutfleisch, M; Klemmer, JH; Busch, N; Acar, Y; Sasse, MA; Fahl, S; (2022) How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study. In: Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP). (pp. 893-910). IEEE
Abstract
For software to be secure in practice, users need to be willing and able to appropriately use security features. These features are usually implemented by software professionals during the software development process (SDP), who may be unable to consider the usability of these mechanisms. While research has made progress in supporting developers in creating secure software products, very little attention has been paid to whether and how these security features are made usable. In a semi-structured interview study with 25 software professionals (software developers, designers, architects), we explored how they and other decision-makers encounter and deal with security and usability during the software development process in their companies. Based on 37 hours of interview recordings, we qualitatively analyzed and investigated 23 distinct development contexts in detail. In addition to individual awareness and factors that directly influence the implementation phase, we identify a high impact of contextual factors, such as stakeholder pressure, presence of expertise, and collaboration culture, and the specific implementation of the SDP on usable security in software products. We conclude our work by highlighting important gaps, such as studying and improving contextual factors that contribute to usable security and discussing potential improvements of the status quo.
Type: | Proceedings paper |
---|---|
Title: | How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study |
Event: | 2022 IEEE Symposium on Security and Privacy (SP) |
Dates: | 22 May 2022 - 26 May 2022 |
ISBN-13: | 978-1-6654-1316-9 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1109/SP46214.2022.9833756 |
Publisher version: | https://doi.org/10.1109/SP46214.2022.9833756 |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher's terms and conditions. |
UCL classification: | UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL |
URI: | https://discovery.ucl.ac.uk/id/eprint/10155845 |



