The Role of Professional Product Reviewers in Evaluating Security and Privacy

Authors: 

Wentao Guo, Jason Walter, and Michelle L. Mazurek, University of Maryland

Abstract: 

Consumers who use Internet-connected products are often exposed to security and privacy vulnerabilities that they lack time or expertise to evaluate themselves. Can professional product reviewers help by evaluating security and privacy on their behalf? We conducted 17 interviews with product reviewers about their procedures, incentives, and assumptions regarding security and privacy. We find that reviewers have some incentives to evaluate security and privacy, but they also face substantial disincentives and challenges, leading them to consider a limited set of relevant criteria and threat models. We recommend future work to help product reviewers provide useful advice to consumers in ways that align with reviewers' business models and incentives. These include developing usable resources and tools, as well as validating the heuristics they use to judge security and privacy expediently.

BibTeX
@inproceedings {287264,
author = {Wentao Guo and Jason Walter and Michelle L. Mazurek},
title = {The Role of Professional Product Reviewers in Evaluating Security and Privacy},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
year = {2023},
isbn = {978-1-939133-37-3},
address = {Anaheim, CA},
pages = {2563--2580},
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/guo-wentao},
publisher = {USENIX Association},
month = aug
}
