What are developers talking about information security? A large-scale study using semantic analysis of Q&A posts


PeerJ Computer Science, vol.10, 2024 (SCI-Expanded) identifier identifier identifier

  • Publication Type: Article / Article
  • Volume: 10
  • Publication Date: 2024
  • Doi Number: 10.7717/peerj-cs.1954
  • Journal Name: PeerJ Computer Science
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, Directory of Open Access Journals
  • Keywords: Empirical study, Information security, Q&A communities, Semantic analysis, Topic modeling
  • Karadeniz Technical University Affiliated: Yes


Background: Digitalization and rapid technological improvement in the present day bring numerous benefits, but they also raise the complexity and diversity of cyber security risks, putting critical information security issues on the agenda. Growing issues and worries about information security endanger not only the security of individuals and organizations but also global social and economic stability. Methods: This study investigates the issues and challenges regarding information security by analyzing all the postings on ISSE (Information Security Stack Exchange), a Q&A website focused on information security. In order to identify the primary topics addressed in postings shared on the ISSE platform, we employed a probabilistic topic modeling method called latent Dirichlet allocation (LDA), which is generative in nature and relies on unsupervised machine learning processes. Results: Through this investigation, a total of 38 topics were identified, demonstrating the present state of information security issues and challenges. Considering these topics, a comprehensive taxonomy of seven categories was devised to address information security issues, taking into account their backgrounds and perspectives. Subsequently, we conducted an examination of the prevalence and complexity of the matters at hand. In addition, we have defined the prevailing technologies utilized in the realm of information security, including tasks, certifications, standards, methods, tools, threats, and defenses. We have provided a number of implications for different stakeholders, including academics, developers, educators, and practitioners, who are working towards advancing the field of information security.