Description
Creating secure software code requires software engineers to elicit and
follow the security requirements of the system they are building.
Software engineer teams might not have the security expertise to
approach this angle of software development confidently. With the
democratisation of access to software development and deployment,
software are often built by developers with neither software engineering
expertise nor security knowledge, a situation that could make systems
vulnerable. We present approaches based on short games, knowledge cards
and serious game jams designed to help these non-experts gain the
knowledge and ability to communicate on code security. These are some of
the outputs of the Secrious project published recently in the IEEE
Security & Privacy magazine, and in the ACM Games and Computer Standards
& Interfaces journals. The project was supported by the Engineering and
Physical Research Council (Grant EP/T017511/1 "Serious Coding: A Game
Approach To Security For The New Code-Citizens").
Manuel Maarek from Heriot-Watt University is visiting the Université de
Rennes/IRISA as part of the MLSEAN Machine Learning based software
systems SEcurity ANalysis project supported by the UK-France Science,
Innovation, and Technology Researcher Mobility Scheme.
Practical infos
Next sessions
-
Should I trust or should I go? A deep dive into the (not so reliable) web PKI trust model
Speaker : Romain Laborde - University of Toulouse
The padlock shown in the URL bar of our favorite web browser indicates that we are connected using a secure HTTPS connection and providing some sense of security. Unfortunately, the reality is slightly more complex. The trust model of the underlying Web PKI is invalid, making TLS a colossus with feet of clay. In this talk, we will dive into the trust model of the web PKI ecosystem to understand[…]-
SoSysec
-
Protocols
-
Network
-