How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study
ABSTRACT
In 25 semi-structured interviews with experienced software professionals, including software developers, architects, and designers, we investigate how software products' usable security is implemented during the development process.
Alongside a few positive examples that highlight factors beneficial to usable security, we found that many interviewees and their organizations do not get usable security into their products. We identify several obstacles and blockers for usable security, including low awareness of usable security or not knowing about it, misconceptions, stakeholder pressure, communication barriers, and more.
All in all, we find that contextual factors in particular play a role in implementing usable security. Based on our insights, we propose potential improvements for practical software development.
BIO
Jan H. Klemmer is a Ph.D. student at Leibniz University Hannover in Hannover, Germany. His research focuses on usable security with a particular interest in researching developers and other experts and the security of open-source software. He has published several papers in top-tier security conferences, including IEEE S&P and SOUPS. Before starting his Ph.D., Jan H. Klemmer received his bachelor's and master's degrees in Computer Science from Leibniz University Hannover.