ABSTRACT

This chapter discusses how validity threats can be analyzed and mitigated in secure software engineering research studies. It includes examples that demonstrate how authors have discussed and addressed threats to validity in secure software engineering research. The validity of a study is the extent to which its design and conduct are likely to prevent systematic errors, or bias. This is distinct from the larger question of how a piece of research might have low quality, since quality has more aspects than validity alone. A validity threat is a specific way in which a study might be wrong. The analysis of threats to validity has become a common practice in empirical software engineering studies. Threats to validity will always be present in any empirical research; the goal is to mitigate as many of the known threats to research validity as possible. Validity in qualitative research has a different set of characteristics than it does in quantitative studies.