With the rapid growth of Internet-of-Things (IoT) devices, especially in the context of smart homes, enduser programming is becoming increasingly common to easily create new functionalities by connecting IoT devices and online services using simple rules, such as event-condition-action (ECA) rules. Unfortunately, IoT devices and platforms are vulnerable under security terms, and the possible countermeasures to security threats are completely hidden to end-users. This position paper presents the idea of involving end-users in the management of security risks. In particular, we describe how existing ECA rules could be expanded to deal with security aspects, and possible strategies to support end-users in the definition and customization of security rules
