English

Am I Responsible for End-User's Security? A Programmer's Perspective

Cryptography and Security 2018-08-07 v1 Computers and Society

Abstract

Previous research has pointed that software applications should not depend on programmers to provide security for end-users as majority of programmers are not experts of computer security. On the other hand, some studies have revealed that security experts believe programmers have a major role to play in ensuring the end-users' security. However, there has been no investigation on what programmers perceive about their responsibility for the end-users' security of applications they develop. In this work, by conducting a qualitative experimental study with 40 software developers, we attempted to understand the programmer's perception on who is responsible for ensuring end-users' security of the applications they develop. Results revealed majority of programmers perceive that they are responsible for the end-users' security of applications they develop. Furthermore, results showed that even though programmers aware of things they need to do to ensure end-users' security, they do not often follow them. We believe these results would change the current view on the role that different stakeholders of the software development process (i.e. researchers, security experts, programmers and Application Programming Interface (API) developers) have to play in order to ensure the security of software applications.

Keywords

Cite

@article{arxiv.1808.01481,
  title  = {Am I Responsible for End-User's Security? A Programmer's Perspective},
  author = {Chamila Wijayarathna and Nalin Asanka Gamagedara Arachchilage},
  journal= {arXiv preprint arXiv:1808.01481},
  year   = {2018}
}

Comments

4, USENIX Symposium on Usable Privacy and Security (SOUPS), August 12 14 Baltimore, MD, USA,2018

R2 v1 2026-06-23T03:24:28.963Z