I hear you! I'm a big advocate for usable security features, which means testing with real-live users, not putting someone like me as a tester (because I'm inherently biased, being a security professional).
I am hoping that as the years continue the security industry works harder to make every aspect of security easier and better for the consumer, with the goal of one day having the easiest way to do something will also always be the most-secure way to do it. This is my dream!
I also want to make security easier for Devs. Because right now it is Way. Too. Hard.
Yeah, it is really hard. I think systems should be designed with security from the start. Like you pointed out in your first article. I really wished the ActivityPub protocol was designed with cryptography implemented, but ... of course. It wasn't. And now we have a standardized social network protocol without confidentiality, and authenticated integrity.. which should've been baked in.
Yep. We are biased.
Things are getting better, slowly. We do have Libsodium for cryptography. Still, even then it can be confusing to those who don't understand.
But there isn't really a way to automatically implement secure code with cryptography built into the heart of it.
Only recently I've started thinking about security for the average user. Obviously still having a hard time ...
Hmm, you're right. I guess we shouldn't be giving users any choices that could potentially allow them to shoot themselves in the foot.
It's really hard being into security and trying to develop solutions for people who don't understand.
Because you have to think and feel like a end-user, when you're really not.
I hear you! I'm a big advocate for usable security features, which means testing with real-live users, not putting someone like me as a tester (because I'm inherently biased, being a security professional).
I am hoping that as the years continue the security industry works harder to make every aspect of security easier and better for the consumer, with the goal of one day having the easiest way to do something will also always be the most-secure way to do it. This is my dream!
I also want to make security easier for Devs. Because right now it is Way. Too. Hard.
Yeah, it is really hard. I think systems should be designed with security from the start. Like you pointed out in your first article. I really wished the ActivityPub protocol was designed with cryptography implemented, but ... of course. It wasn't. And now we have a standardized social network protocol without confidentiality, and authenticated integrity.. which should've been baked in.
Yep. We are biased.
Things are getting better, slowly. We do have Libsodium for cryptography. Still, even then it can be confusing to those who don't understand.
But there isn't really a way to automatically implement secure code with cryptography built into the heart of it.
Only recently I've started thinking about security for the average user. Obviously still having a hard time ...
This Twitter post might interest you, about notifying users:
twitter.com/stebets/status/1017366...