October 2019 Update
As will surprise very few researchers, our blog is out of date! However, that's because we've been working hard coding our data, working on our concept inventory, and developing hands-on exercises (and a delivery framework) to teach improved ways of thinking about these issues. Here's a status report, as of late October, 2019. We completed our survey in the spring of 2019; 87 respondents generated 469 responses about "commonsense misconceptions" that they believed novices often hold about computer security. We coded our data looking for highly represented misconceptions, which resulted in a list of 17 succinct, one-sentence descriptions of those misconceptions, which we have also expanded into short (1-2 paragraph) explanations. We have started work on our concept inventory, which will be a multiple-choice test to help identify the extent to which CS students (or other novices) hold these misconceptions about security. We are following an approach where we d