Developer study design Flashcards

1
Q

On the ecological validity of online sec dev studies - Setup

A

Deception study:
Deception might cause unknown behaviour if participants know it is a deception study.
Only use after careful consideration.
Does it affect developers if they know they are producing code for a company instead of for a study?

2
Q

On the ecological validity of online sec dev studies - Differences

A

Real project had no study announcement and only allowed JSF.
Study allowed both JSF and Spring.

3
Q

On the ecological validity of online sec dev studies - Procedure and Request

A

First submission. If plaintext storage: SeqRequest-P. If SecScore < 6: SeqRequest-G.
Finally, survey.

4
Q

On the ecological validity of online sec dev studies - Results

A

Could check for attempted security (online setting) => check for achieved security
H-P1: Prompting has a positive effect on achieving security: YES
H-F1: Framework has an effect on the security score of participants achieving security: NO
Years of Java experience have an effect on the security scores: NO
If participants state that they have previously stored passwords, it affects the likelihood that they store them securely: NO
Takeaways:
Study with deception and replication with announcement yielded the same results
=> Deception not always necessary
Instruct to use security guidelines! If not known, prompting does help as well.

5
Q

Code Reviewing as Methodology - Setup

A

Let participants review code instead of writing it themselves.
RQ1: How do developers behave when reviewing code in a security-critical task such as password storage?
RQ2: Which factors have an influence on developers' security awareness?
RQ3: How much time do developers dedicate to security and do they feel responsible for security in a code review?
RQ4: Comparing the results of a programming and a code reviewing task on password storage, which methodological implications can we conclude?
IV1: Prompt half of the developers to look for security issues.
IV2: Different password-storage issues (MD5, Base64, plaintext) in a between-subjects study
Delete comments and add generic comments to all code
Arrange function order; two distraction tasks for all snippets

6
Q

Code Reviewing as Methodology - Results

A

Half wanted to release insecure code. Prompting made a significant difference.
Participants feel responsible but couldn't act accordingly.
Not suggesting to replace coding studies with code review studies.
