Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers
Authors:
Christian Stransky, Yasemin Acar, Duc Cuong Nguyen, Dominik Wermke, Doowon Kim, Elissa M. Redmiles, Michael Backes, Simson L. Garfinkel, Michelle L. Mazurek, and Sascha Fahl.
Venue:
10th USENIX Workshop on Cyber Security Experimentation and Test
(CSET)
Type:
Workshop publication
Abstract
Security and privacy researchers are increasingly conducting controlled experiments focusing on IT professionals, such as software developers and system administrators. These professionals are typically more difficult to recruit than general end-users. In order to allow for distributed recruitment of IT professionals for security user studies, we designed Developer Observatory, a browser-based virtual laboratory platform that enables controlled programming experiments while retaining most of the observational power of lab studies. The Developer Observatory can be used to conduct largescale, reliable online programming studies with reasonable external validity. We report on our experiences and lessons learned from two controlled programming experiments (n>200) conducted using Developer Observatory.Reference
@inproceedings{stransky2017lessons,
title = {Lessons Learned from Using an Online Platform to Conduct Large-Scale, Online Controlled Security Experiments with Software Developers},
author = {Christian Stransky and Yasemin Acar and Duc Cuong Nguyen and Dominik Wermke and Doowon Kim and Elissa M. Redmiles and Michael Backes and Simson L. Garfinkel and Michelle L. Mazurek and Sascha Fahl},
year = {2017},
month = aug,
booktitle = {10th USENIX Workshop on Cyber Security Experimentation and Test, CSET 2017, Vancouver, BC, Canada, August 14, 2017},
publisher = {USENIX Association},
url = {https://www.usenix.org/conference/cset17/workshop-program/presentation/stransky},
date = {2017-08-14},
}