Caution: JavaScript execution is disabled in your browser or for this website. You may not be able to answer all questions in this survey. Please, verify your browser parameters.

Survey: How Do Experience and Confidence Shape Secure Coding?

Principal Investigator: Patryk Serafin
Institution: Technical University of Darmstadt (TU Darmstadt), Department of Computer Science
Context: Bachelor's Thesis

About the Study:
You are invited to participate in a research study investigating how developers identify and mitigate potential security issues in software. Your insights will help us understand the role of individual factors, such as experience and confidence, in secure software development. The findings are intended to inform better developer training programs and organizational security policies. Please note that because this study involves analyzing code snippets, at least some prior programming experience is required to participate.

Procedure: If you agree to participate, you will be asked to:

Provide basic demographic information.
Review 6 short code snippets (vignettes) in a random order. For each snippet, you will be asked to identify if a security issue exists and, if so, how you would fix it.
Complete a short set of questions regarding your self-efficacy (confidence in problem-solving).
Answer brief questions about your programming and security experience.

Duration: The survey is expected to take approximately 15–20 minutes to complete.

Privacy & Data Protection:

Voluntary: Participation is entirely voluntary. You may stop the survey at any time by closing your browser window.
Anonymous: This survey is anonymous. No personally identifiable information (PII) such as your name, email, or IP address will be linked to your responses.
Data Usage: The collected data will be used solely for academic research purposes and will be analyzed in aggregate form.
Data Storage: All data is stored securely on TU Darmstadt servers (Germany) via the university's internal LimeSurvey instance.

Contact Information: If you have any questions or concerns regarding this study, please contact the principal investigator:

Patryk Serafin
Email: patryk.serafin@stud.tu-darmstadt.de

This survey is anonymous.

The record of your survey responses does not contain any identifying information about you, unless a specific survey question explicitly asked for it.

If you used an identifying access code to access this survey, please rest assured that this code will not be stored together with your responses. It is managed in a separate database and will only be updated to indicate whether you did (or did not) complete this survey. There is no way of matching identification access codes with survey responses.

We are sorry but you can't proceed without first agreeing to our survey privacy policy.

I have read the study information above, I am at least 18 years old, and I agree to participate.
Show policy

1. Purpose

This survey is conducted as part of a Bachelor’s thesis at the Technical University of Darmstadt. The objective is to investigate how individual differences in experience and self-efficacy influence developers' ability to identify and mitigate security vulnerabilities in code.

2. What data is collected

We collect the following categories of information to test our research hypotheses:

Demographics: Age, gender identity, sex assigned at birth, nationality, and the country where you completed your secondary education.
Programming Experience: Self-estimates of your experience level and objective indicators such as the number of years you have been programming.
Psychometric Data: Your self-assessment regarding general problem-solving confidence and specific confidence in handling security tasks (Self-Efficacy).
Task Performance: Your responses to code vignettes, including whether you detect a security issue, how you rate its severity, and how you propose to fix it.
Resource Usage: Information regarding the tools (e.g., AI assistants, search engines) you used to complete the tasks, as well as your general frequency of using such tools in daily work.

3. Anonymity and Confidentiality

This survey is strictly anonymous.

We do not collect names or email addresses.
Technical Anonymization: The survey is hosted on the TU Darmstadt LimeSurvey instance with strict anonymization settings enabled. We do not record your IP address, referrer URL, or response timestamps/timings.
Because no personally identifiable information (PII) or technical identifiers are stored, it is not possible to link your responses back to you or your device.

4. Data Storage and Processing

All data is stored securely on servers provided by the Technical University of Darmstadt. Access to the data is restricted to the principal investigator and the thesis supervisor. The collected data will be analyzed in aggregate form for academic research purposes only.

5. Right to Withdraw

Participation is entirely voluntary. You may withdraw from the study at any time without penalty by simply closing your browser window. However, please note that because we do not collect any identifiers (such as IP addresses or codes), it is not possible to identify or delete your specific data once the survey has been submitted.

6. Contact

If you have questions regarding this study or its data protection measures, please contact the principal investigator:

Patryk Serafin (Student, Department of Computer Science)
Email: patryk.serafin@stud.tu-darmstadt.de

Exit and clear survey

Survey: How Do Experience and Confidence Shape Secure Coding?

Privacy policy

Exit and clear survey