Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

On Conducting Security Developer Studies with CS Students: Examining a Password-Storage Study with CS Students, Freelancers, and Company Developers

: Naiakshina, A.; Danilova, A.; Gerlitz, E.; Smith, M.

Fulltext ()

Bernhaupt, R. ; Association for Computing Machinery -ACM-, Special Interest Group on Computer and Human Interaction -SIGCHI-:
ACM CHI Conference on Human Factors in Computing Systems, CHI 2020 : April 25-30, 2020, Honolulu, HI, USA
New York: ACM, 2020
ISBN: 978-1-4503-6708-0
13 pp.
Conference on Human Factors in Computing Systems (CHI) <2020, Honolulu/Hawaii>
Conference Paper, Electronic Publication
Fraunhofer FKIE ()

Ecological validity is a major concern in usable security studies with developers. Many studies are conducted with computer science (CS) students out of convenience, since recruiting professional software developers in sufficient numbers is very challenging. In a password-storage study, Naiakshina et al. (CHI'19) showed that CS students behave similarly to freelance developers recruited online. While this is a promising result for conducting developer studies with students, an open question remains: Do professional developers employed in companies behave similarly as well? To provide more insight into the ecological validity of recruiting students for security developer studies, we replicated the study of Naiakshina et al. With developers from diverse companies in Germany. We found that developers employed in companies performed better than students and freelancers in a direct comparison. However, treatment effects were found to be significant in all groups; the treatme nt effects on CS students also held for company developers.