Skip to main content
QUICK REVIEW

[论文解读] Cybersecurity Discussions in Stack Overflow: A Developer-Centred Analysis of Engagement and Self-Disclosure Behaviour

Nicolás E. Díaz Ferreyra, Melina Vidoni|arXiv (Cornell University)|Jul 4, 2022
Privacy, Security, and Data Protection被引用 2
一句话总结

本研究采用混合方法,分析了开发者在 Stack Overflow 上网络安全讨论中的参与度与自我披露行为。研究发现,33% 的网络安全问题未获回答,且主动用户在个人资料中披露的个人信息显著少于被动或未参与用户,尽管未发现参与度与隐私担忧或个人数据控制感之间的关联。

ABSTRACT

Stack Overflow (SO) is a popular platform among developers seeking advice on various software-related topics, including privacy and security. As for many knowledge-sharing websites, the value of SO depends largely on users’ engagement, namely their willingness to answer, comment or post technical questions. Still, many of these questions (including cybersecurity-related ones) remain unanswered, putting the site’s relevance and reputation into jeopardy. Hence, it is important to understand users’ participation in privacy and security discussions to promote engagement and foster the exchange of such expertise. Objective: Based on prior findings on online social networks, this work elaborates on the interplay between users’ engagement and their privacy practices in SO. Particularly, it analyses developers’ self-disclosure behaviour regarding profile visibility and their involvement in discussions related to privacy and security. Method: We followed a mixed-methods approach by (i) analysing SO data from 1239 cybersecurity-tagged questions along with 7048 user profiles, and (ii) conducting an anonymous online survey (N=64). Results: About 33% of the questions we retrieved had no answer, whereas more than 50% had no accepted answer. We observed that proactive users tend to disclose significantly less information in their profiles than reactive and unengaged ones. However, no correlations were found between these engagement categories and privacy-related constructs such as perceived control or general privacy concerns. Implications: These findings contribute to (i) a better understanding of developers’ engagement towards privacy and security topics, and (ii) to shape strategies promoting the exchange of cybersecurity expertise in SO.

研究动机与目标

  • 理解开发者在 Stack Overflow 网络安全讨论中的参与模式。
  • 探究用户在隐私与安全话题中的自我披露行为如何与其参与程度相关。
  • 识别影响平台上网络安全问题低响应率的因素。
  • 为改善开发者社区中网络安全专业知识的交流提供策略支持。

提出的方法

  • 收集并分析了来自 Stack Overflow 的 1,239 个标记为网络安全的问题及 7,048 个用户资料。
  • 对 64 名开发者进行了匿名在线调查,以评估隐私担忧和控制感等心理构念。
  • 使用统计分析方法,检验自我披露、参与程度与隐私相关态度之间的相关性。
  • 根据用户在问答活动中的参与情况,将用户划分为主动型、被动型和未参与型三类。
  • 应用 Cronbach’s Alpha 以验证调查工具的可靠性,结果均高于 0.7。
  • 通过谨慎抽样和承认观察性研究的局限性,应对外部与内部效度威胁。

实验结果

研究问题

  • RQ1Stack Overflow 上网络安全讨论的参与度如何?未回答的问题在多大程度上影响平台的可信度?
  • RQ2在网络安全讨论中,不同参与度水平(主动型、被动型、未参与型)的用户在个人资料中的自我披露行为有何差异?
  • RQ3用户隐私担忧与其在 Stack Overflow 网络安全问答中的参与度之间是否存在显著相关性?
  • RQ4感知控制感与普遍隐私担忧在多大程度上影响用户参与安全相关讨论?

主要发现

  • Stack Overflow 上 1,239 个标记为网络安全的问题中,33% 未获回答,表明存在显著的‘答案饥渴’问题。
  • 超过 50% 的分析问题未设置已接受的答案,凸显了安全与隐私问题的持续未解状态。
  • 主动用户(频繁回答或评论者)在个人资料中披露的个人信息显著少于被动或未参与用户。
  • 未发现用户参与程度与隐私担忧或个人数据控制感之间存在统计学上显著的相关性。
  • 研究证实,尽管平台规模庞大且相关性高,但网络安全讨论中的参与度仍较低且不一致。
  • 研究结果表明,内在动机(如认可感)可能影响自我披露与参与行为,但因研究为观察性设计,无法建立因果关系。

更好的研究,从现在开始

从论文设计到论文写作,大幅缩短您的研究时间。

无需绑定信用卡

本解读由 AI 生成,并经人工编辑审核。