Master - Seminar - Mental Models in Developer-Centered-Security
Developer-Centered Usable Security (DCUS) is an interesting subfield of Usable Security and Privacy in which the participants in empirical studies are, for example, software developers, administrators, other expert-level participants, or their proxies [1]. Mental models of IT security have been explored for end users [2] and also for expert user groups, such as administrators [3].
Your tasks:
Your goal in this seminar is to get a comprehensive overview of which mental models in developer-centered usable security and privacy have been investigated, with a focus on the past 5 years (2020 - 2025), and to summarize the findings.
Some specific research questions:
- What specific aspects of IT security appear in the mental models?
- What mental models of threats have been reported in the literature?
- What types of developers or other expert users were investigated?
Literature
[1] Tahaei, M., & Vaniea, K. (2019). A survey on developer-centred security.
[2] Wash, R. (2010). Folk models of home computer security.
[3] Krombholz, K., Busse, K., Pfeffer, K., Smith, M., & Von Zezschwitz, E. (2019, May). "If HTTPS Were Secure, I Wouldn't Need 2FA".