February 10, 2021: Human Factors in Secure Development – How we can help developers write secure code – with Yasemin Acar

Description: We are seeing a persistent gap between the theoretical security of e.g. cryptographic algorithms and real world vulnerabilities, data-breaches and possible attacks. Software developers – despite being computer experts – are rarely security experts, and security and privacy are usually, at best, of secondary importance for them. They may not have training in security and privacy or even be aware of the possible implications, and they may be unable to allocate time or effort to ensure that security and privacy best practices and design principles are upheld for their end-users. Understanding their education and mindsets, their processes, the tools that they use, and their pitfalls are the foundation for shifting development practices to be more secure. This talk will give an overview of security challenges for developers, and research avenues to address these.

About the speaker: Yasemin Acar is a Research Group Leader at MPI-SP, where she focuses on human factors in computer security. Her research centers humans, their comprehension, behaviors, wishes and needs. She aims to better understand how software can enhance users’ lives without putting their data at risk. Her recent focus has been on human factors in secure development, investigating how to help software developers implement secure software development practices. Her research has shown that working with developers on these issues can resolve problems before they ever affect end users. She was a visiting scholar at the National Institute for Standards and Technology in 2019, where she researched how users of smart homes want to have their security and privacy protected. She received the John Karat Usable Security and Privacy student Research Award for the community’s outstanding student in 2018. Her work has also been honored by the National Security Agency in their best cybersecurity paper competition 2016.

Venue: OnlineTime: 16:00-17:30. The lecture will be approximately 60 minutes, after which there will be time for questions.

Registration: Please register to get the Zoom meeting information.

The HAIC public outreach initiative aims to make cybersecurity more accessible to a broader audience. As part of this initiative, are organizing HAIC Talks, a series of public lectures on contemporary topics in cybersecurity. In the style of studia generalia, these lectures are free and open to everyone. No background knowledge in cybersecurity is required. HAIC Talks are made possible through the generous support of the Aalto University School of Science.

Sign-up for our HAIC Talks mailing list to hear about future events.