Developers and System Administrators

Learning Outcomes

Topics

• Expert users
• Developers
• Privacy from a developer standpoint

Understand

• How developers think about and define privacy.

Apply

• Open a quick start guide for including an advertising library in an app. Search for the words “privacy”, “consent”, and “permissions”. How is the guide defining the concept of privacy?

Required Reading

• Prybylo, Maxwell, et al. “Evaluating privacy perceptions, experience, and behavior of software development teams.” Twentieth Symposium on Usable Privacy and Security (SOUPS 2024). 2024.

Additional Resources

• Fulton, Kelsey R., et al. “Write, Read, or Fix? Exploring Alternative Methods for Secure Development Studies.” Twentieth Symposium on Usable Privacy and Security (SOUPS 2024). 2024

• M. Green and M. Smith, “Developers are Not the Enemy!: The Need for Usable Security APIs,” in IEEE Security & Privacy, vol. 14, no. 5, pp. 40-46, Sept.-Oct. 2016, doi: 10.1109/MSP.2016.111

• Acar, Yasemin, et al. “You get where you’re looking for: The impact of information sources on code security.”

• Naiakshina, Alena, et al. “Deception Task Design in Developer Password Studies: Exploring a Student Sample.”

• Naiakshina, Alena, et al. "" If you want, I can store the encrypted password" A Password-Storage Field Study with Freelance Developers."

• https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html

• Garfinkel, Simson L. “The cybersecurity risk.” Communications of the ACM 55.6 (2012): 29-32.

• Wash, Rick, et al. “Out of the loop: How automated software updates cause unintended security consequences.” Symposium on Usable Privacy and Security (SOUPS). 2014.

• Li, Frank, et al. “Keepers of the machines: examining how system administrators manage software updates.”

• Krombholz, Katharina, et al. "" If HTTPS Were Secure, I Wouldn’t Need 2FA"-End User and Administrator Mental Models of HTTPS."