Security is a property of human outcomes, not technical systems. Development teams have an increasing body of knowledge to draw on when thinking about the security of code, and increasingly even for the security of large, deployed systems. However, we’ve barely begun to think about how that knowledge changes security outcomes for humans. In many cases, teams ship systems without a clear understanding of what the humans that interact with them are trying to accomplish and what security means for those people’s goals. Let’s take a look at how security for humans affects the entire software development lifecycle, where it has the biggest impact, and some tools that can help teams get it right.
Eleanor Saitta is a security consultant specializing in architectural security for large-scale systems, integrating security into the development life-cycle, and cross-domain security for news organizations and NGOs targeted by nation states. Eleanor is a cofounder and developer for Trike, an open source threat-modeling methodology and tool, contributes to the Briar and Mailpile secure messaging projects, and is a frequent speaker.
©2015, O’Reilly UK Ltd • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • email@example.com