ABSTRACT
Software developers are inundated with responsibility to incorporate privacy artifacts into software design from the onset, in line with best practices. However, little is understood about the struggles developers face when implementing privacy in software design. This PhD will undertake: (1) a Systematic Literature Review (SLR) to understand developers' interpretation, or lack thereof, of privacy regulations while incorporating privacy into software systems; (2) two task-based studies that analyze software developers' privacy compliance to ascertain whether or not they are able to comply with regulatory standards when implementing privacy in software design; (3) an analysis of the mental models developers adopt when trying to ameliorate their struggles; and (4) the design and evaluation of a framework that helps developers make informed privacy decisions.
Index Terms
- A framework to support software developers in implementing privacy features