Practical Insights into Human-Centered Secure Development π
Join Michelle Mazurek, a leading expert, as she explores effective, human-focused strategies for secure software development in real-world settings.
DS3: Developing Secure Systems Summit
106 views β’ Dec 16, 2020
About this video
Speaker: Michelle Mazurek
Michelle Mazurek is an Associate Professor in the Computer Science Department and the Institute for Advanced Computer Studies at the University of Maryland, College Park. Her research aims to understand and improve the human elements of security- and privacy-related decision making. Recent projects include examining how and why developers make security and privacy mistakes; investigating the vulnerability-discovery process; evaluating the use of threat-modeling in large-scale organizations; and analyzing how users learn about and decide whether to adopt security advice. Her work has been recognized with an NSA Best Scientific Cybersecurity Paper award and three USENIX Security Distinguished Paper awards. She was Program Chair for the Symposium on Usable Privacy and Security (SOUPS) for 2019 and 2020 and will be Program Chair for the Privacy Enhancing Technologies Symposium (PETS) for 2022 and 2023.
Abstract
Secure development is not just a technical problem: itβs a human and organizational problem as well. To understand the causes of insecurity, and find effective solutions, we must understand how and why security problems happen, and what barriers stand in the way of fixing them. How can we make it easier for developers to write secure code, even without special training? In this talk, I will report on findings from several recent studies addressing these questions. These include examining the effects of information resources and API design on developers' likelihood of writing secure code; using data from a secure programming contest to explore the kinds of security mistakes developers make; and exploring the benefits and barriers associated with adoption of a secure programming language.
Michelle Mazurek is an Associate Professor in the Computer Science Department and the Institute for Advanced Computer Studies at the University of Maryland, College Park. Her research aims to understand and improve the human elements of security- and privacy-related decision making. Recent projects include examining how and why developers make security and privacy mistakes; investigating the vulnerability-discovery process; evaluating the use of threat-modeling in large-scale organizations; and analyzing how users learn about and decide whether to adopt security advice. Her work has been recognized with an NSA Best Scientific Cybersecurity Paper award and three USENIX Security Distinguished Paper awards. She was Program Chair for the Symposium on Usable Privacy and Security (SOUPS) for 2019 and 2020 and will be Program Chair for the Privacy Enhancing Technologies Symposium (PETS) for 2022 and 2023.
Abstract
Secure development is not just a technical problem: itβs a human and organizational problem as well. To understand the causes of insecurity, and find effective solutions, we must understand how and why security problems happen, and what barriers stand in the way of fixing them. How can we make it easier for developers to write secure code, even without special training? In this talk, I will report on findings from several recent studies addressing these questions. These include examining the effects of information resources and API design on developers' likelihood of writing secure code; using data from a secure programming contest to explore the kinds of security mistakes developers make; and exploring the benefits and barriers associated with adoption of a secure programming language.
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
106
Likes
3
Duration
01:28:30
Published
Dec 16, 2020
Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.