Human Factors and Improving Application Security
We've just added a new article to the Essentials Series: Messaging and Web Security Volume II on the role of human factors and usability in application security. The article discusses the difference between security and trust and how to convey security information to users. From the article:
There is something of a disconnect between users and developers when it comes to application security. Developers and designers tend to think about the security of a system, that is, how to protect the integrity of the system, ensure confidentiality, and keep systems up and running in spite of threats from attackers and vulnerabilities in our own applications. Users do not usually think in those terms; for them the questions are about trust. Is this Web site really my bank’s site? Can I trust this online retailer not to sell or lose my credit card data? As application developers, we are faced with the challenge of bridging this divide. We must answer the question: how do we not only make this application secure, but how do we make it appear trustworthy to non-technical users?
Other articles in the Essential Series cover topics ranging from service oriented architecture and and database security to identity management and controlling unmanaged devices.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
