[US KEYNOTE] The security advice fiasco: A rallying cry for experts, practitioners, and researchers

  • Published: 13 Oct 2024
  • Dr Michelle Mazurek - Associate Professor of Computer Science, University of Maryland
    In an ideal world, automated tools and systems could manage security and privacy seamlessly and transparently with minimal human input. In the real world, we are nowhere close to that ideal. Instead, in order to achieve good security and privacy outcomes, people need to absorb and apply high-quality security and privacy information and advice.
    This applies not only to end users, but also to software developers, product managers, and even security operations professionals. Sadly, the current state of the security advice and information ecosystem is in many respects a disaster. End users often get their advice from TV shows, movies, and even misleading influencer ads, while software developers take unvetted suggestions from Stack Overflow.
    Much of the available guidance - whether from TV shows or directly from experts - is outdated, unimportant, contradictory, or simply impossible. It’s no wonder that people give up and conclude there’s nothing they can do to help themselves. This sad state of affairs is, in many ways, the fault of the security community. Security experts often refuse to prioritize, recommending maximum security without tailoring to specific situations.
    Researchers evaluate tools and techniques in idealized rather than realistic use contexts, and have made little progress in accurately measuring the costs and benefits of any particular intervention. In this talk, I will review the many problems of the security and privacy information and advice ecosystem, and how we got here. I’ll outline our responsibility, as experts, practitioners, and researchers, to help improve the quality, availability, and usability of security and privacy information. Finally, I’ll discuss what we know (and what we need to find out) about how to make progress.
