research-article

Public Access

Technical and Personal Factors Influencing Developers' Adoption of Security Tools

Authors:

Jim Witschey,

Shundan Xiao,

Emerson Murphy-HillAuthors Info & Claims

SIW '14: Proceedings of the 2014 ACM Workshop on Security Information Workers

Pages 23 - 26

https://doi.org/10.1145/2663887.2663898

Published: 07 November 2014 Publication History

PDF eReader

Abstract

Security tools analyze programs to help software developers write more secure code. Although these tools have been demonstrated to find vulnerabilities that human developers may not, many developers do not use them, leaving software needlessly vulnerable. To help understand why, we describe a theoretical account of factors that influence developers' adoption decisions. This model was developed based on interviews with 42 professional developers, and is a first step toward a comprehensive theory of security tool adoption based on diffusion of innovations theory.

References

[1]

I. Ajzen. The theory of planned behavior. Organizational behavior and human decision processes, 1991.

Google Scholar

[2]

P. Y. Chau and K. Lung Hui. Identifying early adopters of new IT products: A case of Windows 95. Information & Management, 33(5):225--230, May 1998.

Digital Library

Google Scholar

[3]

S. Das, T. H.-J. Kim, L. A. Dabbish, and J. I. Hong. The effect of social influence on security sensitivity. SOUPS, 2014.

Google Scholar

[4]

F. Davis. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS quarterly, 13(3):319--340, 1989.

Digital Library

Google Scholar

[5]

B. Johnson, Y. Song, E. Murphy-Hill, and R. Bowdidge. Why don't software developers use static analysis tools to find bugs? ICSE, pages 672--681, 2013.

Digital Library

Google Scholar

[6]

L. Meyerovich and A. Rabkin. Empirical analysis of programming language adoption. OOPSLA, 48(10):1--18, Nov. 2013.

Digital Library

Google Scholar

[7]

E. Murphy-Hill and G. C. Murphy. Peer interaction effectively, yet infrequently, enables programmers to discover new tools. CSCW, pages 405--414, 2011.

Digital Library

Google Scholar

[8]

N. Nethercote and J. Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. ACM SIGPLAN Notices, 42(6):89--100, 2007.

Digital Library

Google Scholar

[9]

E. M. Rogers. Diffusion of innovations. 1995.

Google Scholar

[10]

L. Singer. Improving the adoption of software engineering practices through persuasive interventions. PhD thesis, Gottfried Wilhelm Leibniz Universitüt Hannover, 2013.

Google Scholar

[11]

S. Xiao, J. Witschey, and E. Murphy-Hill. Social Influences on Secure Development Tool Adoption: Why Security Tools Spread. CSCW, pages 1095--1106, 2014.

Digital Library

Google Scholar

Cited By

View all

Karanassios CHadan HZhang-Kennedy LAssal H(2024)Towards Security-Focused Developer PersonasProceedings of the 13th Nordic Conference on Human-Computer Interaction10.1145/3679318.3685406(1-18)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3679318.3685406
Andreina SCloosters TDavi LGiesen JGutfleisch MKarame GNaiakshina ANaji HLuo BLiao XXu JKirda ELie D(2024)Defying the Odds: Solana's Unexpected Resilience in Spite of the Security Challenges Faced by DevelopersProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670333(4226-4240)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670333
OLUSANYA OJIMOH RMISRA SAWOTUNDE J(2024)A Neuro-Fuzzy Security Risk Assessment System for Software Development Life CycleHeliyon10.1016/j.heliyon.2024.e33495(e33495)Online publication date: Jun-2024
https://doi.org/10.1016/j.heliyon.2024.e33495
Show More Cited By

Index Terms

Technical and Personal Factors Influencing Developers' Adoption of Security Tools
1. Software and its engineering

Recommendations

Social influences on secure development tool adoption: why security tools spread
CSCW '14: Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing

Security tools can help developers build more secure software systems by helping developers detect or fix security vulnerabilities in source code. However, developers do not always use these tools. In this paper, we investigate a number of social ...
Quantifying developers' adoption of security tools
ESEC/FSE 2015: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering

Security tools could help developers find critical vulnerabilities, yet such tools remain underused. We surveyed developers from 14 companies and 5 mailing lists about their reasons for using and not using security tools. The resulting thirty-nine ...
Factors influencing the adoption of the internet
Special issue: A global perspective on electronic commerce

The Internet has been given tremendous publicity in recent years. However, most research focuses on Europe or America rather on than Asian countries. This study hopes to contribute to a better understanding of the Internet phenomenon in Asia by ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SIW '14: Proceedings of the 2014 ACM Workshop on Security Information Workers

November 2014

66 pages

ISBN:9781450331524

DOI:10.1145/2663887

Organizing Chairs:
Robert Biddle
Carleton University, Canada
,
Bill Chu
University of North Carolina at Charlotte, USA
,
Emerson Murphy-Hill
North Carolina State University, USA
,
Heather Lipford
University of North Carolina at Charlotte, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

U.S. Department of Energy

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 7, 2014

Arizona, Scottsdale, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

24
Total Citations
View Citations
902
Total Downloads

Downloads (Last 12 months)145
Downloads (Last 6 weeks)14

Reflects downloads up to 20 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Karanassios CHadan HZhang-Kennedy LAssal H(2024)Towards Security-Focused Developer PersonasProceedings of the 13th Nordic Conference on Human-Computer Interaction10.1145/3679318.3685406(1-18)Online publication date: 13-Oct-2024
https://dl.acm.org/doi/10.1145/3679318.3685406
Andreina SCloosters TDavi LGiesen JGutfleisch MKarame GNaiakshina ANaji HLuo BLiao XXu JKirda ELie D(2024)Defying the Odds: Solana's Unexpected Resilience in Spite of the Security Challenges Faced by DevelopersProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670333(4226-4240)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670333
OLUSANYA OJIMOH RMISRA SAWOTUNDE J(2024)A Neuro-Fuzzy Security Risk Assessment System for Software Development Life CycleHeliyon10.1016/j.heliyon.2024.e33495(e33495)Online publication date: Jun-2024
https://doi.org/10.1016/j.heliyon.2024.e33495
Mink JKaur HSchmüser JFahl SAcar YCalandrino JTroncoso C(2023)"Security is not my field, I'm a stats guy"Proceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620448(3763-3780)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620448
Sharma TZhou ZMiller AWang YCalandrino JTroncoso C(2023)A mixed-methods study of security practices of smart contract developersProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620380(2545-2562)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620380
Nurgalieva LFrik ADoherty G(2023)A Narrative Review of Factors Affecting the Implementation of Privacy and Security Practices in Software DevelopmentACM Computing Surveys10.1145/358995155:14s(1-27)Online publication date: 4-Apr-2023
https://dl.acm.org/doi/10.1145/3589951
Brun YLin TSomerville JMyers EEbner N(2023)Blindspots in Python and Java APIs Result in Vulnerable CodeACM Transactions on Software Engineering and Methodology10.1145/357185032:3(1-31)Online publication date: 26-Apr-2023
https://dl.acm.org/doi/10.1145/3571850
Lopez TSharp HBandara ATun TLevine MNuseibeh B(2023)Security Responses in Software DevelopmentACM Transactions on Software Engineering and Methodology10.1145/356321132:3(1-29)Online publication date: 26-Apr-2023
https://dl.acm.org/doi/10.1145/3563211
Ryan IRoedig UStol K(2023)Measuring Secure Coding Practice and Culture: A Finger Pointing at the Moon is not the Moon2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00140(1622-1634)Online publication date: May-2023
https://doi.org/10.1109/ICSE48619.2023.00140
Fulton KChan AVotipka DHicks MMazurek MChiasson S(2021)Benefits and drawbacks of adopting a secure programming languageProceedings of the Seventeenth USENIX Conference on Usable Privacy and Security10.5555/3563572.3563603(597-616)Online publication date: 9-Aug-2021
https://dl.acm.org/doi/10.5555/3563572.3563603
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Social influences on secure development tool adoption: why security tools spread

Quantifying developers' adoption of security tools

Factors influencing the adoption of the internet