Interview Study on the use of SCA tools

For this interview-based study, we are looking for participants to help us investigate the use of SCA (software composition analysis) tools. The study aims to uncover how the tools play a part in security workflows and how users make decisions based on tool output. From the interviews, we hope to gather insights into SCA tools and software supply chain security.

Motivation

SCA tools determine which software components are included in your application and whether vulnerabilities exist in those components. A common challenge for SCA tool users is the large number of alerts returned by the tool, which overwhelms users. Previous research has also shown differences in SCA tool output. However, there is no study yet that examines SCA tools from the user perspective.

Research Questions

We aim to answer the following research questions:

  1. How do users interact with SCA tools?
  2. How are SCA alerts prioritized?
  3. How can SCA tools be improved?

Participation

We are looking for people who have experience with SCA tools or are part of an organization that uses SCA tools.

For more details, please visit this page here!