Improving Developers’ Privacy and Security Decisionmaking

Well-intentioned software developers can put user data at risk when they make errors with complicated encryption protocols, abuse device identifiers and location data, or make other mistakes. In this work, we examine why these errors occur and how they can be prevented.

Currently, we are investigating the effect of web resources (for example, Stack Overflow) and of cryptography APIs on developers’ decisionmaking.

Developers using Stack Overflow performed worse on security tasks than developers using official Android documentation.

People

This research is a cooperative effort between the University of Maryland and Saarland University in Saarbrücken, Germany.

At UMD:

  • Doowon Kim, PhD Student, Computer Science
  • Michelle Mazurek, Assistant Professor, Computer Science

At Saarland:

  • Sascha Fahl, Postdoctoral Scholar
  • Yasemin Acar, PhD Student
  • Christian Stransky, PhD Student
  • Michael Backes, Professor

Publications

Y. Acar, M. Backes, S. Fahl, D. Kim, M.L. Mazurek, and C. Stransky. You Get Where You’re Looking For: The Impact of Information Sources on Code Security. In submission.

Sponsors

This research is sponsored in part by the National Institute for Standards and Technology. We thank our NIST collaborators, Simson Garfinkel and Mary Theofanos.