Understanding Development Ecosystems & The Role of Trainers and Auditors

July 31, 2020

Though business models vary case by case, there are significant differences between the development ecosystems of closed source tools (many of which are private and commercial) and open source tools. By understanding the humans and processes behind the tool, we can tailor our feedback and maximize the impact of our usability and accessibility recommendations. This blog explores tool team structures, providing insight into the design and development processes they implement.

Understanding the Closed Source Ecosystem

Many of the most popular private sector tools are closed source and well resourced. Most of these tools have well-established business models (including paid services and advertisements) that provide significant funding streams. They often have large teams of people working on the tool, specializing in particular areas such as design, user-experience, or marketing. In addition to large teams of developers or engineers who are focused on back-end development, many private sector tools will also have entire teams devoted to user testing or providing support to end users.

In this ecosystem, end users are rarely engaging directly with developers. Feedback from users is filtered through multiple team members (user support, UX experts, designers, etc.) and is vetted at multiple levels before eventually being converted into specific edits or changes to the tool.

Additionally, these well-resourced tools often have offices located around the globe and can afford to conduct targeted user-testing if they are seeking input from a particular user group.

A few examples of Closed Source Ecosystems include:

  • Facebook
  • Google
  • Microsoft

Understanding the Open Source Ecosystem

Alternatively, many of the most-used and most-critical open source digital security tools are maintained and updated by “tool teams” rather than businesses or organizations. These ad-hoc groups have little if any institutional capacity, are often under-resourced, and have limited insight into the specific needs of at-risk users.

The survival of many of these tools is dependent on the dedication of volunteers, often working in their free time simply because they are passionate about the project. Some tools are developed and maintained by only one core individual. Additionally, these small teams seldom include specific UX, user-research, or design experts.

While USABLE has experienced great results with tool teams that have the capacity to address identified usability barriers, many tool teams simply lack the necessary personnel or organizational structures that would allow them to respond directly or even receive funding to support a response. This traps tool teams – and by extension, the community of high-risk tool users – in a vicious cycle of only being able to focus on the most immediate and urgent needs without being able to prioritize long-term usability or scalability improvements.

A few examples of Open Source Ecosystems include:

  • The Guardian Project
  • Mailvelope
  • KeePassXC

The Role of Trainers/Auditors

Given these ecosystems, relevant and synthesized feedback from at-risk users via proper channels is incredibly valuable, particularly for open source tool teams with limited capacity. Trainers, auditors, and other facilitators who engage regularly with at-risk users are uniquely positioned to serve as trusted intermediaries between end users and tool teams. Based on their in-depth knowledge of user needs and challenges, as well as their understanding of privacy and security tools, trainers and auditors are able to synthesize and prioritize feedback. By ensuring that tool teams receive high-quality feedback reduces the burden for development teams, particularly those that may have limited bandwidth and resources, and increases the likelihood of tool teams implementing meaningful usability and accessibility enhancements within the tools at-risk communities rely on.

Though resources and structures may vary, the important role that users play in each of these ecosystems is undeniable. It is critical that we continue to connect, build trust, and close the feedback loop between tool creators and end users. In the end, we are all part of the same ecosystem working towards a more usable and secure future.