Jim Witschey scite author profile

Security tools can help developers build more secure software systems by helping developers detect or fix security vulnerabilities in source code. However, developers do not always use these tools. In this paper, we investigate a number of social factors that impact developers' adoption decisions, based on a multidisciplinary field of research called diffusion of innovations. We conducted 42 one-on-one interviews with professional software developers, and our results suggest a number of ways in which security tool adoption depends on developers' social environments and on the channels through which information about tools is communicated. For example, some participants trusted developers with strong reputations on the Internet as much as they trust their colleagues for information about security tools.

show abstract

Refactoring-aware code review

Sarkar

Witschey

et al. 2017

View full text Add to dashboard Cite

Quantifying developers' adoption of security tools

Witschey

Zielinska

Welk

et al. 2015

View full text Add to dashboard Cite

Security tools could help developers find critical vulnerabilities, yet such tools remain underused. We surveyed developers from 14 companies and 5 mailing lists about their reasons for using and not using security tools. The resulting thirty-nine predictors of security tool use provide both expected and unexpected insights. As we expected, developers who perceive security to be important are more likely to use security tools than those who do not. But that was not the strongest predictor of security tool use, it was instead developers' ability to observe their peers using security tools.

show abstract

Technical and Personal Factors Influencing Developers' Adoption of Security Tools

Witschey

Xiao

Murphy-Hill

2014

View full text Add to dashboard Cite

Security tools analyze programs to help software developers write more secure code. Although these tools have been demonstrated to find vulnerabilities that human developers may not, many developers do not use them, leaving software needlessly vulnerable. To help understand why, we describe a theoretical account of factors that influence developers' adoption decisions. This model was developed based on interviews with 42 professional developers, and is a first step toward a comprehensive theory of security tool adoption based on diffusion of innovations theory.

show abstract

Compiler error notifications revisited: an interaction-first approach for helping developers more effectively comprehend and resolve error notifications

Barik

Witschey

Murphy-Hill

2014

View full text Add to dashboard Cite

Error notifications and their resolutions, as presented by modern IDEs, are still cryptic and confusing to developers. We propose an interaction-first approach to help developers more effectively comprehend and resolve compiler error notifications through a conceptual interaction framework. We propose novel taxonomies that can serve as controlled vocabularies for compiler notifications and their resolutions. We use preliminary taxonomies to demonstrate, through a prototype IDE, how the taxonomies make notifications and their resolutions more consistent and unified.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jim Witschey

Social influences on secure development tool adoption

Refactoring-aware code review

Quantifying developers' adoption of security tools

Technical and Personal Factors Influencing Developers' Adoption of Security Tools

Compiler error notifications revisited: an interaction-first approach for helping developers more effectively comprehend and resolve error notifications

Contact Info

Product

Resources

About