Security tools can help developers build more secure software systems by helping developers detect or fix security vulnerabilities in source code. However, developers do not always use these tools. In this paper, we investigate a number of social factors that impact developers' adoption decisions, based on a multidisciplinary field of research called diffusion of innovations. We conducted 42 one-on-one interviews with professional software developers, and our results suggest a number of ways in which security tool adoption depends on developers' social environments and on the channels through which information about tools is communicated. For example, some participants trusted developers with strong reputations on the Internet as much as they trusted their colleagues for information about security tools.
Security tools analyze programs to help software developers write more secure code. Although these tools have been demonstrated to find vulnerabilities that human developers may not, many developers do not use them, leaving software needlessly vulnerable. To help understand why, we describe a theoretical account of factors that influence developers' adoption decisions. This model was developed based on interviews with 42 professional developers, and is a first step toward a comprehensive theory of security tool adoption based on diffusion of innovations theory.
Our recent work uses sociological theories and interview techniques to discover why so few developers use tools that help them write secure code. In this experience report, we describe nine challenges we encountered in planning and conducting an interview study with industrial practitioners, from choosing a population of interest to presenting the work in a way that resonates with the research community. In doing so, we aim to spur discussion in the software engineering research community about common challenges in empirical research and ways to address them.