It's the Psychology Stupid: How Heuristics Explain Software Vulnerabilities and How Priming Can Illuminate Developer's Blind Spots

This study conducted an IRB-approved study with developers to discover the effectiveness of security cueing on writing safe code. The claim made here is that the cause of vulnerable software is not the lack of security education from the developer’ part, but actually blind spots in developer’s heuristic-based decision-making processes.

Author(s):

Marissa Rosenthal    
Bowdoin College
United States

Nicole Morin    
Bowdoin College
United States

Kuo-Chuan Yeh    
Pennsylvania State University
United States

Justin Cappos    
NYU Poly
United States

Yanyan Zhuang    
University of British Columbia
Canada

Daniela Oliveira    
University of Florida
United States