A Descriptive Model of Computer Code Trustworthiness

Abstract

Trust and trustworthiness judgments have been studied in the context of social, business, and romantic relationships as well as between humans and automation. This article extends the prior research to explore how programmers assess code for trustworthiness when asked to reuse existing computer code. We used cognitive task analysis methods to explore experienced programmers’ first-person perspectives on code reuse. We elicited specific cues and strategies used to assess trustworthiness in real-world scenarios. Using qualitative analysis techniques, we grouped cues into three trustworthiness factors: performance, transparency, and reputation. We also identified environmental factors that influence acceptable levels of trust, including customer needs and requirements, organizational resources and constraints, and consequences of failure. We propose a descriptive model based on these findings. These findings have important implications for organizations that intend to reuse, adapt, and extend code over time. Writing code with the factors such as reputation, transparency, and performance in mind will increase the likelihood that it will be trusted in the near term and be reusable in the future. Furthermore, this research provides an important foundation for future studies exploring trusting behaviors, individual differences, and the ability to detect malicious code.