Security and Privacy as Hygiene Factors of Developer Behavior in Small and Agile Teams

Kai-Uwe Loser, Martin Degeling

In ICT and Society, edited by Kai Kimppa, Diane Whitehouse, Tiina Kuusela, and Jackie Phahlamohlaka, 255–65. IFIP Advances in Information and Communication Technology 431. Springer Berlin Heidelberg.


User motivations are often considered in human-computer relations, but the analysis of developer behavior often lacks this perspective. Herzberg's distinction between motivators and hygiene factors adds a level to the analysis of those sociotechnical phenomena that lead to the skipping of security and privacy requirements, especially in agile development projects. Security and privacy requirements are considered not nice-to-have features but necessary hygiene factors of a system's attractiveness; motivation for extra effort is low with respect to those requirements. The motivators for developers (functionality that makes a system special and that is valued by customers and users) dominate decisions about development priorities, while hygiene factors, like many security requirements, get a lower priority. In this paper we introduce this theory in relation to known problems of (agile) development projects with respect to implementing security and privacy. We present it with a case study of mobile app development in a research project, which we analyzed with respect to security and privacy aspects.