Investigating the role of usable security in developers' intention toward security enhancement in service-oriented applications
Security threats have increased in recent years. To motivate the developers to stick to the security policies, the notion of usable security is investigated. Enhancing the usability of security services leads to developing software products that are resilient against security threats. In this paper, we investigate the role of usable security in developers' intention toward fulfilling the security considerations through the development process. To study this, we conducted empirical research on 25 experts in the field of software development. We proposed a model for analyzing the research outcome using statistical inference based on an extension of the theory of planned behavior. In particular, we posit that attitude toward the development of usable services, subjective norms, and moral obligation are determinants of intention to develop usable security services. We developed 11 security services that are used in the development of service-oriented software. We asked the experts to integrate the security services in the software and studied the integration process using a detailed questionnaire. The findings indicate a strong positive influence of all correlations, which describe developers' intentions to develop usable secure services to 52%. Our insights enhance the understanding of developers' intentions toward developing usable secure services and their fulfillment.
School of Computer Engineering, Iran / University of Science and Technology,Tehran, Iran