Why doesn't Johnny write secure software?

Wednesday 20 May 2020, 1.30PM

Speaker(s): Awais Rashid (U. of Bristol)

UoY CS host: Delaram Kahrobaei

Software is in the very fabric of the systems we utilise in our daily lives - from online banking to social media through to critical infrastructures that bring water and electricity to our homes and drive systems such as transportation, health and governmental services.

Yet vulnerabilities in software continue to be a recurring issue despite major advances in libraries, APIs and tools to help developers write secure software and test the security of their software systems.

Almost 20 years ago, Alma Whitten and David Tygar wrote about the challenges faced by an archetypal user (Johnny) when utilising cryptography to secure communications. As appification and low-cost, easy-to-program hardware democratise software, what are the struggles that developers face when utilising the security libraries, APIs and tools at their disposal?

In this talk, I will discuss these struggles, their potential impact on the security of the resultant software and the open research questions that need to be addressed to support developers in writing more secure software.

Watch back a video of the talk

Location: Online