Interview Study:
Cryptographic Standard Experiences

Studying the experiences with implementing cryptographic standards in the open source community.

We conduct an interview study with open source developers of cryptographic software. If you have any insights that you can share, we would love to interview you. If you want to participate, please shoot us an email at huaman@sec.uni-hannover.de or directly schedule an interview via Calendly.

Schedule an interview !

About

Open source cryptography is crucial for the security of the modern digital society. Therefore, cryptographic standards need to be verifiable, open, correct, and easy-to-implement.

Motivation

We aim to investigate the experiences open source software developers make when implementing cryptographic standards, common implementation failures, and other pitfalls. Therefore, we interview open source developers who implemented cryptographic standards in the past. Based on the interview findings, we hope to provide recommendations for improving cryptographic standards and their secure implementation.

Who we are

Interviews

We conduct interviews with open source developers experienced in implementing cryptographic standards. The interviews include questions about software projects, questions related to how standards are used, and questions about experiences with cryptography.

We are particularly interested in your experiences with and opinions on cryptographic standards, challenges, and obstacles you stumbled over in the past. Furthermore, we want to know about the things you would like to see addressed in future standards to make the implementation process easier and less error-prone.

A few examples of questions we might ask:

The purpose of this study is to gain insights into the challenges of implementing cryptographic standards and to publish a scientific paper using anonymized data from the information you provide, including anonymized quotes from the interview.

Eligibility is open to individuals (1.) over the age of 18 (2.) who work in any capacity with the realization or implementation of cryptographic standards in open source software.

Method: You will be interviewed in a semi-structured interview. The goal is to collect data about your experiences and opinions on working with cryptographic standards in open source software.

The duration of the interview is around 60 minutes minutes.

Data collection and processing: The interview will be recorded and transcribed (converted to text) for analysis purposes by a GDPR-compliant external service (Amberscript). The results of this survey will be stored by a GDPR-compliant external service (Qualtrics).

Personal or project-related information (e.g., your name, company name, project name) will be removed from the transcription and survey (anonymized). We may only publish aggregated data or short quotes in our subsequent publication, without any traceability to you.

Storage location: Potential threats to the confidentiality of this study are minimized by securing all data on your device and storing it in a secure cloud storage system. Only authorized researchers will have access to this data.

Your name and personal identification information will be stored only for the purpose of enabling your participation and to document your consent. This data will not be kept together with your study data and will be deleted immediately after your participation.

Results from this study may be presented at conferences or published in scientific journals. As data is anonymous, it is not possible to draw any conclusions about your identity.

Storage duration: Anonymized data and study documents are kept for the period of 10 years.

Your Rights:

The risks to your participation in this online study are those associated with basic computer tasks, including boredom, fatigue, mild stress, or breach of confidentiality. The benefits to you are a monetary compensation and the learning experience from participating in a research study. The benefit to society is the contribution to scientific knowledge.

Compensation: All participants who complete the interview will receive a compensation in the form of $60 donated to an open source project of your choice within our guidelines and possibilities, for example via GitHub Donations.

Your participation is voluntary. You can withdraw from the study at any time by informing the interviewer. If you choose to do so, your data will not be used in the study. You will not be compensated should you decide to do so. You may at any point during or after the study request for your data to be removed from the dataset. Note that anonymized and aggregated data cannot be removed after publication.

For any questions about this research, you may contact:

By giving your consent, you confirm that: