Keynote: Developers are not the enemy! – On usability issues for secure software development.

Usability problems are a major cause of many of today’s IT-security incidents. Security systems are often too complicated, time-consuming, and error prone. For more than a decade, researchers in the domain of usable security (USEC) have attempted to combat these problems by conducting interdisciplinary research focusing on the root causes of the problems and on the creation of usable security mechanisms. While major improvements have been made, to date USEC research has focused almost entirely on the non-expert end-user.

However, many of the most catastrophic security incidents were not caused by end-users, but by developers. Heartbleed and Shellshock were both caused by single developers yet had global consequences. Fundamentally, every software vulnerability is caused by developers making a mistake, but very little research has been done into the underlying causalities and possible mitigation strategies.

In this talk we will explore usable security concepts for developers focusing on secure password storage and usability issues of software analysis.


No special skills required.


Get a better understanding for the importance of usability to improve security.




Matthew Smith
Matthew Smith is a Professor for Usable Security and Privacy at the University of Bonn and Fraunhofer FKIE. His research is focused on human factors of security and privacy with a wide range of application areas. His work has been published at amongst others IEEE S&P, ACM CCS, USENIX Security, NDSS, ACM SIGCHI and SOUPS the Symposium on Usable Security and Privacy. Matthew is also actively involved in the organisation of top academic conferences and is serving on the steering committees of SOUPS, USEC and EuroUSEC as well as serving as program co-chair for SOUPS 2016 and 2017 and program co-chair for IEEE EuroS&P 2017 and 2018. In 2017 he co-founded the start-up Code Intelligence to help companies integrate cutting edge, developer friendly dynamic software testing into their software development lifecycle.


WIBU Systems


RIPS Technologies




Sie möchten über die heise devSec
auf dem Laufenden gehalten werden?