Keynote: Developers are not the enemy! – On usability issues for secure software development.
Usability problems are a major cause of many of today’s IT-security incidents. Security systems are often too complicated, time-consuming, and error prone. For more than a decade, researchers in the domain of usable security (USEC) have attempted to combat these problems by conducting interdisciplinary research focusing on the root causes of the problems and on the creation of usable security mechanisms. While major improvements have been made, to date USEC research has focused almost entirely on the non-expert end-user.
However, many of the most catastrophic security incidents were not caused by end-users, but by developers. Heartbleed and Shellshock were both caused by single developers yet had global consequences. Fundamentally, every software vulnerability is caused by developers making a mistake, but very little research has been done into the underlying causalities and possible mitigation strategies.
In this talk we will explore usable security concepts for developers focusing on secure password storage and usability issues of software analysis.
Vorkenntnisse
No special skills required.
Lernziele
Get a better understanding for the importance of usability to improve security.