University of Cambridge > > Computer Laboratory Security Seminar > Why Johnny doesn’t write secure software?

Why Johnny doesn’t write secure software?

Add to your list(s) Download to your calendar using vCal

  • UserAwais Rashid, University of Bristol
  • ClockTuesday 07 December 2021, 15:00-16:00
  • HouseWebinar.

If you have a question about this talk, please contact Jack Hughes.

Software is in the very fabric of the systems we utilise in our daily lives – from online banking to social media through to critical infrastructures that bring water and electricity to our homes and drive systems such as transportation, health and governmental services. Yet vulnerabilities in software continue to be a recurring issue despite major advances in libraries, APIs and tools to help developers write secure software and test the security of their software systems. Almost 20 years ago, Alma Whitten and Doug Tygar wrote about the usability challenges faced by an archetypal user (Johnny) when utilising cryptography to secure communications. Developers face similar challenges when utilising the security libraries, APIs and tools at their disposal. In this talk, I will discuss insights from over 5 years of research on these struggles and their potential impact on the security of the resultant software. I will conclude by discussing ongoing work on exploring developers’ understanding of hardware security advances such as CHERI and how these may shape the way they develop software on future secure hardware architectures.


This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


© 2006-2024, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity