- From: Terri Oda <terri@zone12.com>
- Date: Thu, 03 Feb 2011 01:07:37 -0500
- To: public-web-security@w3.org
Aryeh Gregor wrote: > I have no experience with usability study design, but your proposed > study looks like it would take a couple of hours to do. If we're just > grabbing random acquaintances of ours, as opposed to paying people to > take it, that's a bit much. > > Also, I'm dubious about making the first step "read the spec" -- > that's not how real-world authors learn things. Maybe it would make > more sense to just give them an existing policy and ask them to make > particular changes (with access to Google), since almost everyone > learns stuff mostly by copy-paste. I was also concerned about the length, but wasn't too sure what folk here would consider a fair test. However, you bring up a good point: maybe it's a much fairer test to put say, a half hour limit on it, and see what people can come up with given access to links to the documentation, access to google, and the site they're supposed to be securing? It'd certainly be an easier study to run, and might reflect the sort of time pressures one would expect to see on actual developers (who I'm guessing are most likely to get interested in CSP when something blows up and they have to "fix it now") Terri
Received on Thursday, 3 February 2011 06:08:06 UTC