Focused on the User, Overlooking the Risks: Security and Privacy Understandings, Practices and Challenges of Independent Chinese AI Agent Developers
Pith reviewed 2026-06-28 08:46 UTC · model grok-4.3
The pith
Independent Chinese AI agent developers focus on user-facing safety risks like harmful content but show low awareness of security vulnerabilities.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Independent developers frequently think and act from their users' perspective. They focused on user-facing safety risks such as harmful content while exhibiting low awareness of security vulnerabilities. Consequently, developers rely almost exclusively on ad-hoc, manually crafted safeguards and informal communication, with an absence of formal tools or processes for S&P practices. These actions are driven by a lack of formal training on S&P related skills, accessible security tools and actionable guidance from platforms.
What carries the argument
The user-centric mindset directing attention to content safety over technical security vulnerabilities in AI agent development.
If this is right
- Developers create AI agents with ad-hoc protections that may miss common security issues.
- Absence of formal S&P processes increases reliance on personal judgment.
- Platforms could address gaps by offering better guidance and tools.
- Lack of training leads to uneven S&P practices across independent projects.
Where Pith is reading between the lines
- Security researchers might find more vulnerabilities in independently developed AI agents than in corporate ones.
- Efforts to improve AI safety could benefit from targeting individual developers with educational resources.
- Similar patterns may exist among independent developers in other regions using global LLM services.
Load-bearing premise
That the self-reported behaviors of the 28 interviewed developers accurately mirror their actual practices and represent the wider population of independent Chinese AI agent developers.
What would settle it
A survey or audit of a larger group of independent developers finding that most use formal security tools and processes in their AI agents.
Figures
read the original abstract
The proliferation of AI agents empowers independent developers, defined as individual or small groups who self-initiate projects rather than fulfill client-based contracts, to create sophisticated autonomous systems, but also introduces novel security and privacy (S&P) challenges beyond traditional corporate structures. We conducted an interview study (N=28) with Chinese developers, whose extensive use of global LLM services offer valuable insights into this population. We investigate their understandings, practices and challenges of S&P challenges in their developed AI agent products. We revealed that independent developers frequently think and act from their users' perspective. They focused on user-facing safety risks such as harmful content while exhibiting low awareness of security vulnerabilities. Consequently, developers rely almost exclusively on ad-hoc, manually crafted safeguards and informal communication, with an absence of formal tools or processes for S&P practices. We found these actions are driven by various inhibitors, primarily a lack of formal training on S&P related skills, accessible security tools and actionable guidance from platforms. Our work contributed the first exploration of independent AI agent developers' S&P understanding, outlining opportunities for tailored security tooling.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper reports results from a qualitative interview study with N=28 independent Chinese AI agent developers. It claims that these developers adopt a user-centric perspective, prioritizing user-facing safety risks such as harmful content while showing low awareness of security vulnerabilities; as a result they rely exclusively on ad-hoc, manually crafted safeguards and informal communication rather than formal tools or processes. The study identifies primary inhibitors as lack of formal S&P training, accessible security tools, and actionable platform guidance, positioning the work as the first exploration of this population's S&P understandings.
Significance. If the findings are reliable, the work supplies the first empirical account of S&P practices among independent AI agent developers, a growing population outside corporate structures. The identification of a user-safety versus technical-security gap and the listed inhibitors could directly inform the design of targeted tooling and educational resources for this group.
major comments (3)
- [Methods] Methods section: The manuscript supplies no details on recruitment procedures, interview protocol, transcription/coding process, or inter-coder reliability. Without these, it is impossible to evaluate selection bias in the convenience sample or the rigor with which low security awareness versus high user-safety focus was probed, directly undermining confidence that the data support the central claims.
- [Findings] Findings / Results sections: All claims of “low awareness of security vulnerabilities” and “absence of formal tools or processes” rest exclusively on self-reported interview responses. No triangulation via code inspection, artifact analysis, or behavioral observation is described; this is load-bearing because recall bias or social-desirability effects could systematically inflate reports of ad-hoc practices and understate actual tool use.
- [Discussion] Discussion: The assertion that the N=28 sample suffices to identify the “main challenges and inhibitors for the broader population” is not supported by any discussion of saturation, sample diversity, or limitations of self-selection among developers willing to discuss S&P topics.
minor comments (2)
- [Abstract] The abstract and introduction repeatedly use “S&P” without an initial definition; a brief parenthetical expansion on first use would improve readability.
- [Related Work] Related-work section appears to omit several recent HCI studies on developer security practices outside the AI-agent context; adding 2–3 citations would better situate the novelty claim.
Simulated Author's Rebuttal
We thank the referee for their constructive feedback. We address each major comment below and indicate where revisions will be incorporated.
read point-by-point responses
-
Referee: [Methods] Methods section: The manuscript supplies no details on recruitment procedures, interview protocol, transcription/coding process, or inter-coder reliability. Without these, it is impossible to evaluate selection bias in the convenience sample or the rigor with which low security awareness versus high user-safety focus was probed, directly undermining confidence that the data support the central claims.
Authors: We agree the methods section is insufficiently detailed. In revision we will expand it with: recruitment via WeChat groups, GitHub issues and snowball sampling among independent Chinese AI developers; the full semi-structured interview protocol with example prompts on user-safety vs. technical security; transcription process; inductive thematic coding procedure; and inter-coder reliability steps (two coders, discrepancy resolution meetings). These additions will allow readers to assess selection bias and probing rigor. revision: yes
-
Referee: [Findings] Findings / Results sections: All claims of “low awareness of security vulnerabilities” and “absence of formal tools or processes” rest exclusively on self-reported interview responses. No triangulation via code inspection, artifact analysis, or behavioral observation is described; this is load-bearing because recall bias or social-desirability effects could systematically inflate reports of ad-hoc practices and understate actual tool use.
Authors: The study is an exploratory qualitative interview investigation of reported understandings and practices; self-report is the primary data source by design. We will add an explicit limitations paragraph discussing recall bias and social-desirability effects. Because the original protocol did not include artifact collection, we cannot retroactively add triangulation; we will note this as a boundary condition and suggest future mixed-methods work. revision: partial
-
Referee: [Discussion] Discussion: The assertion that the N=28 sample suffices to identify the “main challenges and inhibitors for the broader population” is not supported by any discussion of saturation, sample diversity, or limitations of self-selection among developers willing to discuss S&P topics.
Authors: We will revise the discussion to report thematic saturation (no new codes after the 22nd interview), sample diversity (range of developer experience, project types, and locations), and self-selection limitations. This framing is consistent with qualitative standards for identifying core themes in an emerging population rather than claiming statistical generalizability. revision: yes
Circularity Check
Empirical qualitative interview study with no derivation chain or fitted predictions
full rationale
The paper reports findings from semi-structured interviews (N=28) with independent Chinese AI agent developers. All central claims about understandings, practices, and challenges are presented as direct interpretations of participant responses. There are no equations, no parameter fitting, no 'predictions' derived from subsets of data, and no self-citation chains invoked to justify uniqueness theorems or ansatzes. The study is self-contained against external benchmarks in the sense that its claims rest on the interview corpus rather than reducing to any internal construction or prior author work by definition.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption Qualitative interviews can reliably surface developers' understandings, practices, and challenges regarding security and privacy.
Reference graph
Works this paper leans on
-
[1]
Yasemin Acar, Sascha Fahl, and Michelle L Mazurek. 2016. You are not your developer, either: A research agenda for usable security and privacy research beyond end users.2016 IEEE Cybersecurity Development (SecDev)(2016), 3–8
2016
-
[2]
Mutahar Ali, Arjun Arunasalam, and Habiba Farrukh. 2025. Understanding Users’ Security and Privacy Concerns and Attitudes Towards Conversational AI Platforms. In2025 IEEE Symposium on Security and Privacy (SP). IEEE, 298–316
2025
-
[3]
Dee T Allsop, Bryce R Bassett, and James A Hoskins. 2007. Word-of-mouth research: Principles and applications.Journal of advertising research47, 4 (2007), 398–411
2007
-
[4]
Ahmad Alnafessah, Alim Ul Gias, Runan Wang, Lulai Zhu, Giuliano Casale, and Antonio Filieri. 2021. Quality-aware devops research: Where do we stand?IEEE access9 (2021), 44476–44489
2021
-
[5]
Saleema Amershi, Andrew Begel, Christian Bird, Robert DeLine, Harald Gall, Ece Kamar, Nachiappan Nagappan, Besmira Nushi, and Thomas Zimmermann. 2019. Software Engineering for Machine Learning: A Case Study. In2019 IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). 291–300. doi:10.1109/ICSE-SEIP.2...
-
[6]
Sébastien Andreina, Tobias Cloosters, Lucas Davi, Jens-Rene Giesen, Marco Gutfleisch, Ghassan Karame, Alena Naiakshina, and Houda Naji. 2024. Defying the Odds: Solana’s Unexpected Resilience in Spite of the Security Challenges Faced by Developers. InProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. 4226–4240
2024
-
[7]
Hala Assal and Sonia Chiasson. 2018. Security in the software development lifecycle. InFourteenth symposium on usable privacy and security (SOUPS 2018). 281–296
2018
-
[8]
Hala Assal and Sonia Chiasson. 2019. ’Think secure from the beginning’ A Survey with Software Developers. InProceedings of the 2019 CHI conference on human factors in computing systems. 1–13
2019
-
[9]
Hala Assal, Srivathsan G Morkonda, Muhammad Zaid Arif, and Sonia Chiasson
-
[10]
Software security in practice: knowledge and motivation.Journal of Cybersecurity11, 1 (2025), tyaf005
2025
-
[11]
Jessy Ayala, Yu-Jye Tung, and Joshua Garcia. 2025. A {Mixed-Methods} Study of {Open-Source} Software Maintainers On Vulnerability Management and Platform Security Features. In34th USENIX Security Symposium (USENIX Security 25). 2105–2124
2025
-
[12]
Michael Bailey, David Dittrich, Erin Kenneally, and Doug Maughan. 2012. The menlo report.IEEE Security & Privacy10, 2 (2012), 71–75
2012
-
[13]
Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, and Lorrie Faith Cranor
-
[14]
In Workshop on Usable Security
The privacy and security behaviors of smartphone app developers. In Workshop on Usable Security. The Internet Society Reston, VA, USA, 1–10
-
[15]
decoupling
Jon Bateman. 2022. US-China technological “decoupling”: A strategy and policy framework. (2022)
2022
-
[16]
Tom L Beauchamp et al . 2008. The belmont report.The Oxford textbook of clinical research ethics(2008), 149–155
2008
-
[17]
Rodrigo Borrego Bernabé, Iván Álvarez Navia, and Francisco José García- Peñalvo. 2015. Faat: Freelance as a team. InProceedings of the 3rd International Conference on Technological Ecosystems for Enhancing Multiculturality. 687–694
2015
-
[18]
Lukas Bieringer, Kathrin Grosse, Michael Backes, Battista Biggio, and Katharina Krombholz. 2022. Industrial practitioners’ mental models of adversarial machine learning. InEighteenth Symposium on Usable Privacy and Security (SOUPS 2022). 97–116
2022
-
[19]
Barry Boehm. 1986. A spiral model of software development and enhancement. ACM SIGSOFT Software engineering notes11, 4 (1986), 14–24
1986
-
[20]
i never thought about securing my machine learning systems
Franziska Boenisch, Verena Battis, Nicolas Buchmann, and Maija Poikela. 2021. “i never thought about securing my machine learning systems”: A study of security and privacy awareness of machine learning practitioners. InProceedings of Mensch und Computer 2021. 520–546
2021
-
[21]
Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative research in psychology3, 2 (2006), 77–101
2006
-
[22]
Lucas Brutschy, Pietro Ferrara, and Peter Müller. 2014. Static analysis for inde- pendent app developers. InProceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications. 847–860
2014
-
[23]
Why lose control?
Juan Carlos Alvarez de la Vega, Marta E. Cecchinato, and John Rooksby. 2021. “Why lose control?” A study of freelancers’ experiences with gig economy plat- forms. InProceedings of the 2021 CHI conference on human factors in computing systems. 1–14
2021
-
[24]
Steven S Coughlin. 1990. Recall bias in epidemiologic studies.Journal of clinical epidemiology43, 1 (1990), 87–91
1990
-
[25]
Anastasia Danilova, Alena Naiakshina, Anna Rasgauski, and Matthew Smith
-
[26]
InSeventeenth Symposium on Usable Privacy and Security (SOUPS 2021)
Code reviewing as methodology for online security studies with developers-a case study with freelancers on password storage. InSeventeenth Symposium on Usable Privacy and Security (SOUPS 2021). 397–416
2021
-
[27]
Sauvik Das, Cori Faklaris, Jason I Hong, Laura A Dabbish, et al . 2022. The security & privacy acceptance framework (spaf).Foundations and Trends®in Privacy and Security5, 1-2 (2022), 1–143
2022
- [28]
-
[29]
Mateusz Dolata, Norbert Lange, and Gerhard Schwabe. 2024. Development in times of hype: How freelancers explore Generative AI?. InProceedings of the IEEE/ACM 46th International Conference on Software Engineering. 1–13
2024
-
[30]
Mateusz Dolata, Norbert Lange, and Gerhard Schwabe. 2025. More Attention, Transformation, Acceleration, and Exploration: Freelance Developers’ Take on Hypes. InProceedings of the 2025 CHI Conference on Human Factors in Computing Systems. 1–21
2025
-
[31]
Anthony Finkelstein, Jeff Kramer, and Bashar Nuseibeh. 1994. Software process modelling and technology. (1994)
1994
-
[32]
2026.Freelancer Study 2026: The report on the present and future of freelancing
Freelancermap. 2026.Freelancer Study 2026: The report on the present and future of freelancing. Technical Report. Freelancermap. https://www.freelancermap. com/market-study [Accessed: 2026-04-29]
2026
-
[33]
Guo Freeman, Jeffrey Bardzell, Shaowen Bardzell, and Nathan McNeese. 2020. Mitigating exploitation: Indie game developers’ reconfigurations of labor in technology.Proceedings of the ACM on Human-Computer Interaction4, CSCW1 (2020), 1–23
2020
-
[34]
Zachary Fulker and Christoph Riedl. 2024. Cooperation in the gig economy: insights from upwork freelancers.Proceedings of the ACM on Human-Computer Interaction8, CSCW1 (2024), 1–20
2024
-
[35]
Lisa Geierhaas, Anna-Marie Ortloff, Matthew Smith, and Alena Naiakshina
-
[36]
InEighteenth Symposium on Usable Privacy and Security (SOUPS 2022)
{Let’s} hash: Helping developers with password security. InEighteenth Symposium on Usable Privacy and Security (SOUPS 2022). 503–522
2022
-
[37]
Jonathan Gillham. 2025. The Era of Tailored Intelligence: Charting the Growth and Market Impact of Custom GPTs. https://originality.ai/blog/gpts-statistics. [Accessed: 2026-04-29]
2025
-
[38]
Leo A Goodman. 1961. Snowball sampling.The annals of mathematical statistics (1961), 148–170
1961
-
[39]
Google. 2026. Google’s Secure AI Framework (SAIF). https://safety.google/ safety/saif/ [Accessed: 2026-04-29]
2026
-
[40]
Pamela Grimm. 2010. Social desirability bias.Wiley international encyclopedia of marketing(2010)
2010
-
[41]
Varun Gupta, Jose Maria Fernandez-Crehuet, Chetna Gupta, and Thomas Hanne
-
[42]
Freelancing models for fostering innovation and problem solving in software startups: An empirical comparative study.Sustainability12, 23 (2020), 10106
2020
-
[43]
Varun Gupta, Jose Maria Fernandez-Crehuet, and Thomas Hanne. 2020. Free- lancers in the software development process: A systematic mapping study. Processes8, 10 (2020), 1215
2020
-
[44]
Lisa Gussek, Alex Grabbe, and Manuel Wiesche. 2023. Challenges of IT free- lancers on digital labor platforms: A topic model approach.Electronic Markets 33, 1 (2023), 55
2023
-
[45]
Lisa Gussek and Manuel Wiesche. 2023. It professionals in the gig economy: the success of IT freelancers on digital labor platforms.Business & Information Systems Engineering65, 5 (2023), 555–575
2023
-
[46]
Marco Gutfleisch, Jan H Klemmer, Niklas Busch, Yasemin Acar, M Angela Sasse, and Sascha Fahl. 2022. How does usable security (not) end up in software products? results from a qualitative interview study. In2022 IEEE Symposium on Security and Privacy (SP). IEEE, 893–910
2022
-
[47]
Naveed Ul Haq, Ammar Aftab Raja, Safia Nosheen, and Muhammad Faisal Sajjad
-
[48]
Determinants of client satisfaction in web development projects from freelance marketplaces.International Journal of Managing Projects in Business 11, 3 (2018), 583–607
2018
-
[49]
Nicolas Harrand, Amine Benelallam, César Soto-Valero, François Bettega, Olivier Barais, and Benoit Baudry. 2022. API beauty is in the eye of the clients: 2.2 Conference acronym ’XX, June 03–05, 2018, Woodstock, NY Trovato et al. million Maven dependencies reveal the spectrum of client–API usages.Journal of Systems and Software184 (2022), 111134
2022
-
[50]
Shijing He, Yaxiong Lei, Xiao Zhan, Chi Zhang, Juan Ye, Ruba Abu-Salma, and Jose Such. 2025. Privacy Perspectives and Practices of Chinese Smart Home Product Teams. InIEEE Symposium on Security and Privacy (S&P) 2026
2025
-
[51]
James Heckman. 1990. Varieties of selection bias.The American Economic Review 80, 2 (1990), 313–318
1990
-
[52]
Timon B Heinis, Jan Hilario, and Mirko Meboldt. 2018. Empirical study on innovation motivators and inhibitors of Internet of Things applications for industrial manufacturing enterprises.Journal of Innovation and Entrepreneurship 7, 1 (2018), 10
2018
-
[53]
Those things are written by lawyers, and programmers are reading that
Stefan Albert Horstmann, Samuel Domiks, Marco Gutfleisch, Mindy Tran, Yasemin Acar, Veelasha Moonsamy, and Alena Naiakshina. 2024. “Those things are written by lawyers, and programmers are reading that. ” Mapping the Com- munication Gap Between Software Developers and Privacy Experts.Proceedings on Privacy Enhancing Technologies(2024)
2024
-
[54]
Sorry for Bugging you so much
Stefan Albert Horstmann, Sandy Hong, David Klein, Raphael Serafini, Mar- tin Degeling, Martin Johns, Veelasha Moonsamy, and Alena Naiakshina. 2025. “Sorry for Bugging you so much. ” Exploring Developers’ Behavior Towards Privacy-Compliant Implementation. In2025 IEEE Symposium on Security and Privacy (SP). IEEE, 1215–1233
2025
-
[55]
I need to learn better searching tactics for privacy policy laws
Stefan Albert Horstmann, Sandy Hong, Maziar Niazian, Cristiana Santos, and Alena Naiakshina. 2025. " I need to learn better searching tactics for privacy policy laws. ”Investigating Software Developers’ Behavior When Using Sources on Privacy Issues.arXiv preprint arXiv:2511.08059(2025)
-
[56]
Nicolas Huaman, Bennet von Skarczinski, Christian Stransky, Dominik Wermke, Yasemin Acar, Arne Dreißigacker, and Sascha Fahl. 2021. A {Large-Scale} inter- view study on information security in and attacks against small and medium- sized enterprises. In30th USENIX Security Symposium (USENIX Security 21). 1235–1252
2021
-
[57]
Srihari Hulikal Muralidhar, Sean Rintel, and Siddharth Suri. 2022. Collaboration, invisible work, and the costs of macrotask freelancing.Proceedings of the ACM on Human-Computer Interaction6, CSCW2 (2022), 1–25
2022
-
[58]
Sabrina Klivan, Sandra Höltervennhoff, Rebecca Panskus, Karola Marky, and Sascha Fahl. 2024. Everyone for themselves? a qualitative study about individual security setups of open source software contributors. In2024 IEEE Symposium on Security and Privacy (SP). IEEE, 1065–1082
2024
-
[59]
We are not Future-ready
Alexandra Klymenko, Stephen Meisenbacher, Patrick Gage Kelley, Sai Teja Peddinti, Kurt Thomas, and Florian Matthes. 2025. " We are not Future-ready": Understanding {AI} Privacy Risks and Existing Mitigation Strategies from the Perspective of {AI} Developers in Europe. InTwenty-First Symposium on Usable Privacy and Security (SOUPS 2025). 113–132
2025
-
[60]
Ram Shankar Siva Kumar, Magnus Nyström, John Lambert, Andrew Marshall, Mario Goertzel, Andi Comissoneru, Matt Swann, and Sharon Xia. 2020. Adver- sarial machine learning-industry perspectives. In2020 IEEE security and privacy workshops (SPW). IEEE, 69–75
2020
-
[61]
Rabby Q Lavilles and Raymund C Sison. 2017. A Thematic Analysis of Software Developers’ Experience in online sourcing marketplaces. (2017)
2017
-
[62]
Lucas Layman, Laurie Williams, Daniela Damian, and Hynek Bures. 2006. Es- sential communication practices for Extreme Programming in a global software development team.Information and software technology48, 9 (2006), 781–794
2006
-
[63]
Hao-Ping Hank Lee, Lan Gao, Stephanie Yang, Jodi Forlizzi, and Sauvik Das
-
[64]
I Don’t Know If We’re Doing Good. I Don’t Know If We’re Doing Bad
" I Don’t Know If We’re Doing Good. I Don’t Know If We’re Doing Bad": Investigating How Practitioners Scope, Motivate, and Conduct Privacy Work When Developing AI Products. In33rd USENIX Security Symposium (USENIX Security 24). 4873–4890
-
[65]
Tianshi Li, Yuvraj Agarwal, and Jason I Hong. 2018. Coconut: An IDE plugin for developing privacy-friendly apps.Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies2, 4 (2018), 1–35
2018
-
[66]
Tianshi Li, Elizabeth Louie, Laura Dabbish, and Jason I Hong. 2021. How developers talk about personal data and what it means for user privacy: A case study of a developer forum on reddit.Proceedings of the ACM on Human- Computer Interaction4, CSCW3 (2021), 1–28
2021
-
[67]
Tianshi Li, Kayla Reiman, Yuvraj Agarwal, Lorrie Faith Cranor, and Jason I Hong. 2022. Understanding challenges for developers to create accurate privacy nutrition labels. InProceedings of the 2022 CHI Conference on Human Factors in Computing Systems. 1–24
2022
-
[68]
Sohye Lim and Hongjin Shim. 2022. No secrets between the two of us: Privacy concerns over using AI agents.Cyberpsychology: Journal of Psychosocial Research on Cyberspace16, 4 (2022)
2022
-
[69]
Rongjun Ma, Caterina Maidhof, Juan Carlos Carrillo, Janne Lindqvist, and Jose Such. 2025. Privacy perceptions of custom gpts by users and creators. In Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems. 1–18
2025
-
[70]
Nora McDonald, Sarita Schoenebeck, and Andrea Forte. 2019. Reliability and inter-rater reliability in qualitative research: Norms and guidelines for CSCW and HCI practice.Proceedings of the ACM on human-computer interaction3, CSCW (2019), 1–23
2019
-
[71]
Microsoft AI Red Team. 2025. AI Risk Assessment for ML Engineers. https:// learn.microsoft.com/en-us/security/ai-red-team/ai-risk-assessment [Accessed: 2026-04-29]
2025
-
[72]
Security} is not my field, {I’m} a stats {guy
Jaron Mink, Harjot Kaur, Juliane Schmüser, Sascha Fahl, and Yasemin Acar. 2023. {“Security} is not my field, {I’m} a stats {guy”}: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry. In 32nd USENIX Security Symposium (USENIX Security 23). 3763–3780
2023
-
[73]
Isabel Munoz, Michael Dunn, Steve Sawyer, and Emily Michaels. 2022. Platform- mediated markets, online freelance workers and deconstructed identities.Pro- ceedings of the ACM on Human-Computer Interaction6, CSCW2 (2022), 1–24
2022
-
[74]
Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, and Matthew Smith. 2020. On conducting security developer studies with cs students: Examining a password-storage study with cs students, freelancers, and company developers. InProceedings of the 2020 CHI conference on human factors in computing systems. 1–13
2020
-
[75]
If you want, I can store the encrypted password
Alena Naiakshina, Anastasia Danilova, Eva Gerlitz, Emanuel Von Zezschwitz, and Matthew Smith. 2019. " If you want, I can store the encrypted password" A Password-Storage Field Study with Freelance Developers. InProceedings of the 2019 CHI Conference on Human Factors in Computing Systems. 1–12
2019
-
[76]
It’s complicated
Houda Naji, Marco Gutfleisch, and Alena Naiakshina. 2025. Relationship Sta- tus:" It’s complicated" Developer-Security Expert Dynamics in Scrum. In2025 IEEE/ACM 47th International Conference on Software Engineering (ICSE). IEEE Computer Society, 657–657
2025
-
[77]
It’s not my responsibility to write them
Houda Naji, Felix Reichmann, Tobias Bruns, M Angela Sasse, and Alena Naiak- shina. 2025. " It’s not my responsibility to write them": An Empirical Study of Software Product Managers and Security Requirements. In34th USENIX Security Symposium (USENIX Security 25). 2245–2264
2025
-
[78]
P Nimje. 2024. The rise of low-code/No-code development platforms.Int J Adv Res Sci Commun Technol4 (2024), 650–3
2024
-
[79]
Liangbo Ning, Ziran Liang, Zhuohang Jiang, Haohao Qu, Yujuan Ding, Wenqi Fan, Xiao-yong Wei, Shanru Lin, Hui Liu, Philip S Yu, et al . 2025. A survey of webagents: Towards next-generation ai agents for web automation with large foundation models. InProceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V. 2. 6140–6150
2025
-
[80]
Xin Pang, Zhucong Li, Jiaxiang Chen, Yuan Cheng, Yinghui Xu, and Yuan Qi
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.