Secure Coding mailing list archives
Re: Installation and setup of secure applications
From: Burak DAYIOGLU <dayioglu () metu edu tr>
Date: Tue, 20 Jan 2004 19:53:55 +0000
Kenneth R. van Wyk wrote:

> All the talk last week here and elsewhere about Personal Firewall Day got me thinking about one of my personal soap boxes -- application installation and setup. After years of seeing countless examples of inadequately installed and configured applications, I became convinced that we don't pay enough attention to this phase of developing secure software, by and large anyway. Plus, I am fully aware that many people don't even agree that this is part of software development per se.

Hi Kenneth,

Good point. I believe the problematic issue of correctly configuring and operating systems is not so much a technical one. ;)

I don't know who on the list is aware of HCISec, but it is a relatively new area of research that attempts to answer the question "how can we improve security through the application of human-computer interaction (HCI) principles and concepts to the domain of information security?".

The discussion is fundamental, and research evidence reveals that designing security in systems in a way that (i) they are designed in a user-centered way, (ii) have implicit security actions that are triggered with application actions, and (iii) are built upon well-known and accepted security patterns is desirable and reaches "better" results.

I suggest anyone involved in holistic security issues have a peek at the papers from the recent HCISec Workshop held as part of the ACM CHI2003 Conference. Workshop papers are available at http://www.andrewpatrick.ca/CHI2003/HCISEC/.

cheers.

--
Burak DAYIOGLU
Consultant, Pro-G Information Security and Research Ltd.
http://www.pro-g.com.tr
[EMAIL PROTECTED]
Phone: +90 312 2101494
Fax: +90 312 2101493