Our Publications
Here you will find our publications.
2017
Pieczul, Olgierd; Foley, Simon; Zurko, Mary Ellen
Developer-centered security and the symmetry of ignorance Journal Article
In: ACM International Conference Proceeding Series, pp. 46–56, 2017, ISBN: 9781450363846.
Tags: •Security and privacy Usability in security and p, Software security engineering
@article{Pieczul2017,
title = {Developer-centered security and the symmetry of ignorance},
author = {Olgierd Pieczul and Simon Foley and Mary Ellen Zurko},
doi = {10.1145/3171533.3171539},
isbn = {9781450363846},
year = {2017},
date = {2017-01-01},
journal = {ACM International Conference Proceeding Series},
pages = {46--56},
abstract = {In contemporary software development anybody can become a developer, sharing, building and interacting with software components and services in a virtual free for all. In this environment, it is not feasible to expect these developers to be expert in every security detail of the software they use, and we discuss how difficult it can be to build secure software. In this respect, the practical challenges of the emerging paradigm of developer-centered security are explored, where developers would be required to consider security from the perspective of those other developers who use their software. We question whether current user-centered security techniques are adequate for this task and suggest that new thinking will be required. Two directions - symmetry of ignorance and security archaeology - are offered as a new way to consider this challenge.},
keywords = {•Security and privacy Usability in security and p, Software security engineering},
pubstate = {published},
tppubtype = {article}
}