Participant Information
Developer Security Essentials Survey
As researchers at Lancaster University and University College London, we invite you to take part in an online survey to help identify scope for improvement in the security and privacy aspects of your team’s software development.
What is the survey about?
This survey produces an assessment of the security and privacy-enhancing activities and knowledge of your development team. The assessment may be used to build a picture of the security capabilities of professional development teams in general.
A report will be sent to you and to all the team members—provided that sufficient responses have been received to ensure that individual responses are anonymous. Though the report is designed not to allow management evaluation of individual participants, it will be helpful in supporting training and similar security-improvement activities.
Why have I been invited?
Your name and contact details were provided by a colleague of yours, whose name and email address are in your invitation email. We shall be grateful if you agree to take part.
What will I be asked to do if I take part?
You will complete an online survey about the security activities and opinions you carry out in your normal development work.
What are the possible benefits from taking part?
You will contribute to the security assessment of your team, which in turn may support training and other professional improvements. So long as we receive sufficient responses to ensure anonymity, we shall send you a report summarising the survey when results are available.
Thinking about the questions we shall ask may help you improve your own software development.
Do I have to take part?
No. Your participation is voluntary and you are free to withdraw at any time, without giving any reason.
What if I change my mind?
You can withdraw from the study at any time. If you request your data to be removed within 1 week of completing the questionnaire, we will remove it completely. After a 1 week period, we will do our best to remove the data but it may not be possible as it may already have been integrated into a report and to our study.
What are the possible disadvantages and risks of taking part?
Only the investment of your time for the survey, for which we thank you.
Will my data be identifiable?
The report sent to you and your team will summarise the data from several participants; individual responses will not be identifiable. The data from the reports will be accessible only to ourselves, a small number of trusted researchers conducting this study.
We keep all personal information about you (e.g. your email, and other information about you that can identify you) confidential. We shall anonymise any data. This means that we remove any personal information and ways of identifying you (including distinctive features of your data), from data and results shared with anyone else.
Publications, reports and data sets that are released outside the research team will explicitly be reviewed against inadvertent confidentiality lapses.
How will my data be stored?
Your data will be stored in encrypted files (so no-one other than trusted researchers working specifically on this project, will be able to access them) on password-protected computers. We shall store hard copies of any data securely in locked cabinets in university offices.
In accordance with University guidelines, we shall delete all personal data, such as email addresses, as soon as possible consistent with your requests on us. Publicly released data sets, reviewed as described in the previous section, will be kept indefinitely; other anonymised data will be kept for at least 10 years.
How will we use the information you have shared with us and what will happen to the results of the research study?
We shall use summaries of many reports for academic purposes. This will include reports and journal articles. We may also present the results of the study at academic conferences.
When writing up the findings from this study, we may quote from text you may enter in the survey. When doing so, we ensure that any information that might accidentally identify you will be removed.
Who has reviewed the project?
This study has been reviewed and approved by the Lancaster University Faculty of Science and Technology Research Ethics Committee.
What if I have a question or concern?
For further information about how Lancaster University processes personal data for research purposes and your data rights please visit our webpage: https://www.lancaster.ac.uk/research/participate-in-research/data-protection-for-research-participants/ . If you have any queries or if you are unhappy with anything that happens concerning your participation in the study, please contact us:
essentials@securedevelopment.org
Charles Weir, InfoLab21, Lancaster University, LA1 4WA
If you have any concerns or complaints that you wish to discuss with a person who is not directly involved in the research, you can also contact the Head of School of Computing and Communications:
Prof. Adrian Friday, a.friday@lancaster.ac.uk, +44 (0)1524 510326
InfoLab21, Lancaster University, LA1 4WA
Thank you for considering participating in this project.
- Charles, Ingolf
Developer Security Essentials team.