Cybersecurity discussions in Stack Overflow: a developer-centred analysis of engagement and self-disclosure behaviour

• Published in: Social Network Analysis and Mining Vol. 14; no. 1; p. 16
• Main Authors: Díaz Ferreyra, Nicolás E., Vidoni, Melina, Heisel, Maritta, Scandariato, Riccardo
• Format: Journal Article
• Language: English
• Published: Vienna Springer Vienna 22.12.2023; Springer Nature B.V
• Subjects: Answers; Applications of Graph Theory and Complex Networks; Artificial intelligence; Community; Computer Science; Computer security; Cybersecurity; Data Mining and Knowledge Discovery; Economics; Experts; Game Theory; General Data Protection Regulation; Humanities; Law; Methodology of the Social Sciences; Original Article; Participation; Perceived control; Privacy; Questions; Self disclosure; Social and Behav. Sciences; Social networks; Software development; Software engineering; Software industry; Special Issue on Collective intelligence on Web and Social Media; Statistics for Social Sciences; Visibility; Engagement; Self-disclosure; Social coding platforms; Stack Overflow; Usable privacy and security; R programming; Python
• ISSN: 1869-5450; 1869-5469
• DOI: 10.1007/s13278-023-01171-z

Stack Overflow (SO) is a popular platform among developers seeking advice on various software-related topics, including privacy and security. As for many knowledge-sharing websites, the value of SO depends largely on users’ engagement, namely their willingness to answer, comment or post technical questions. Still, many of these questions (including cybersecurity-related ones) remain unanswered, putting the site’s relevance and reputation into jeopardy. Hence, it is important to understand users’ participation in privacy and security discussions to promote engagement and foster the exchange of such expertise. Objective : Based on prior findings on online social networks, this work elaborates on the interplay between users’ engagement and their privacy practices in SO. Particularly, it analyses developers’ self-disclosure behaviour regarding profile visibility and their involvement in discussions related to privacy and security. Method : We followed a mixed-methods approach by (i) analysing SO data from 1239 cybersecurity-tagged questions along with 7048 user profiles, and (ii) conducting an anonymous online survey (N=64). Results : About 33% of the questions we retrieved had no answer, whereas more than 50% had no accepted answer. We observed that proactive users tend to disclose significantly less information in their profiles than reactive and unengaged ones. However, no correlations were found between these engagement categories and privacy-related constructs such as perceived control or general privacy concerns . Implications : These findings contribute to (i) a better understanding of developers’ engagement towards privacy and security topics, and (ii) to shape strategies promoting the exchange of cybersecurity expertise in SO.