BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Why Johnny doesn’t write secure software? - Awais Rashid\, Unive
 rsity of Bristol
DTSTART:20211207T150000Z
DTEND:20211207T160000Z
UID:TALK162436@talks.cam.ac.uk
CONTACT:Jack Hughes
DESCRIPTION:Software is in the very fabric of the systems we utilise in ou
 r daily lives - from online banking to social media through to critical in
 frastructures that bring water and electricity to our homes and drive syst
 ems such as transportation\, health and governmental services. Yet vulnera
 bilities in software continue to be a recurring issue despite major advanc
 es in libraries\, APIs and tools to help developers write secure software 
 and test the security of their software systems. Almost 20 years ago\, Alm
 a Whitten and Doug Tygar wrote about the usability challenges faced by an 
 archetypal user (Johnny) when utilising cryptography to secure communicati
 ons. Developers face similar challenges when utilising the security librar
 ies\, APIs and tools at their disposal. In this talk\, I will discuss insi
 ghts from over 5 years of research on these struggles and their potential 
 impact on the security of the resultant software. I will conclude by discu
 ssing ongoing work on exploring developers’ understanding of hardware se
 curity advances such as CHERI and how these may shape the way they develop
  software on future secure hardware architectures.\n\nBio: https://researc
 h-information.bris.ac.uk/en/persons/awais-rashid
LOCATION:Webinar
END:VEVENT
END:VCALENDAR