ICSEA 2023, The Eighteenth International Conference on Software Engineering Advances


“Elderly, with location data, while shopping?” Spotting Privacy Threats Beyond Software: A Quasi-Experimental Study

Authors:
Tuisku Sarrala
Tommi Mikkonen

Keywords: privacy; privacy impact; software development; card-based modeling; systems thinking; personas; scenarios; process improvement

Abstract:
In software development, privacy has become an increasingly critical aspect due to privacy legislation, the growing complexity of software, and the private nature of many computing systems. However, studies reveal that developers often have a security-focused understanding of privacy and expect user privacy needs to align with their own. This can risk regulatory compliance and potentially lead to harm to individuals. In this paper, we present a quasi-experimental study that explores how a card-based privacy threat modeling method using systems thinking elements could help to think about privacy threats on a broader scope and from another person's perspective. Sixty-five software engineering course participants used the same card deck. The experimental group created several scenarios, whereas the control group described their software with the cards. Both reflected against privacy principles. The experimental group's threats had a broader and more often social scope, showed consideration for individuals, and were more often context-based. The control group's threats were more security-focused and had a software-artifact-focused scope. These findings help to understand how developers' understanding of privacy could be broadened. On a practical level, they have the potential to improve current privacy-by-design tools and methods, ultimately leading to more robust privacy protection in software development.

Pages: 85 to 94

Copyright: Copyright (c) IARIA, 2023

Publication date: November 13, 2023

Published in: conference

ISSN: 2308-4235

ISBN: 978-1-68558-098-8

Location: Valencia, Spain

Dates: from November 13, 2023 to November 17, 2023