research-article

Building and Validating a Scale for Secure Software Development Self-Efficacy

Authors:

Daniel Votipka,

Desiree Abrokwa,

Michelle L. MazurekAuthors Info & Claims

CHI '20: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems

Pages 1 - 20

https://doi.org/10.1145/3313831.3376754

Published: 23 April 2020 Publication History

Get Access

Abstract

Security is an essential component of the software development lifecycle. Researchers and practitioners have developed educational interventions, guidelines, security analysis tools, and new APIs aimed at improving security. However, measuring any resulting improvement in secure development skill is challenging. As a proxy for skill, we propose to measure self-efficacy, which has been shown to correlate with skill in other contexts. Here, we present a validated scale measuring secure software-development self-efficacy (SSD-SES). We first reviewed popular secure-development frameworks and surveyed 22 secure-development experts to identify 58 unique tasks. Next, we asked 311 developers - over multiple rounds - to rate their skill at each task. We iteratively updated our questions to ensure they were easily understandable, showed adequate variance between participants, and demonstrated reliability. Our final 15-item scale contains two sub-scales measuring belief in ability to perform vulnerability identification and mitigation as well as security communications tasks.

Supplementary Material

ZIP File (pn8409aux.zip)

The auxiliary material contains a single PDF file with multiple appendices. This includes the text of both surveys administered (i.e., to security experts and developers) and additional data not presented in the paper for space considerations. Specifically, the additional data includes the distribution of software development experience across participants assigned each additional scale and the set of initial items (with sources) generated through our review of relevant frameworks.

Download
87.19 KB

MP4 File (paper625pv.mp4)

Preview video

Download
1.14 MB

MP4 File (a625-votipka-presentation.mp4)

Download
31.95 MB

References

[1]

Yasemin Acar, Michael Backes, Sascha Fahl, Simson L. Garfinkel, Doowon Kim, Michelle L. Mazurek, and Christian Stransky. 2017. Comparing the Usability of Cryptographic APIs. In Proceedings of the 38th IEEE Symposium on Security and Privacy (SP '17). IEEE Computer Society, 154--171. http://dblp.uni-trier.de/ db/conf/sp/sp2017.html#Acar0FGKMS17

Abstract

Supplementary Material

References

Cited By

Index Terms

Recommendations

Computers, self-efficacy, and primary children

The development of a general Internet attitudes scale

Development and Validation of the Self-Efficacy in Human-Robot-Interaction Scale (SE-HRI)

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

HTML Format

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations