Litcius/Paper detail

Security Fictions

Nick Merrill

202019 citationsDOIOpen Access PDF

Abstract

This paper begins with an observation: that threat identification is an intrinsically speculative practice. It requires imagining possible futures. Drawing on methods from speculative design, this paper presents an improvisational role-playing game designed to help software developers identify security threats. It deploys this game with seven software developers, who used the game to successfully identify diverse threats in their software. The insights from this deployment motivate future work on both the game itself and on organizational accounts of security. I call on the design research community to continue to apply its methods and perspectives to computer security, locating threat identification itself, like all speculation, as a site of social and political power.

Topics & Concepts

Futures contractSoftware deploymentComputer scienceSpeculationComputer securityIdentification (biology)Software security assuranceImprovisationData scienceSoftware engineeringInformation securityBusinessSecurity serviceFinanceBotanyArtBiologyVisual artsInnovative Human-Technology InteractionDigital Games and MediaPrivacy, Security, and Data Protection
Security Fictions | Litcius