• From Code to Confidence: The Role of Human Factors in Secure Software Development | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Kelsey Fulton | Redefining CyberSecurity with Sean Martin

  • 2024/12/20
  • 再生時間: 44 分
  • ポッドキャスト

From Code to Confidence: The Role of Human Factors in Secure Software Development | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Kelsey Fulton | Redefining CyberSecurity with Sean Martin

無料で聴く

ポッドキャストの詳細を見る

  • サマリー

  • The latest episode of Redefining CyberSecurity on ITSPmagazine featured a thought-provoking discussion about integrating human factors into secure software development. Host Sean Martin was joined by Dr. Kelsey Fulton, Assistant Professor at the Colorado School of Mines, and Julie Haney, a computer scientist at the National Institute of Standards and Technology. The conversation explored how human-centered approaches can strengthen secure software practices and address challenges in the development process.A Human-Centered Approach to SecurityDr. Fulton shared how her research focuses on the human factors that impact secure software development. Her journey began during her graduate studies at the University of Maryland, where she was introduced to the intersection of human behavior and security in a course that sparked her interest. Her projects, such as investigating the transition from C to Rust programming languages, underscore the complexity of embedding security into the software development lifecycle.The Current State of Secure DevelopmentOne key takeaway from the discussion was the tension between functionality and security in software development. Developers often prioritize getting a product to market quickly, leading to decisions that sideline security considerations. Dr. Fulton noted that while developers typically have good intentions, they often lack the resources, tools, and organizational support necessary to incorporate security effectively.She highlighted the need for a “security by design” approach, which integrates security practices from the earliest stages of development. Embedding security specialists within development teams can create a cultural shift where security becomes a shared responsibility rather than an afterthought.Challenges in Adoption and EducationDr. Fulton’s research reveals significant obstacles to adopting secure practices, including the complexity of tools and the lack of comprehensive education for developers. Even advanced tools like static analyzers and fuzzers are underutilized. A major barrier is developers’ perception that security is not their responsibility, compounded by tight deadlines and organizational pressures.Additionally, her research into Rust adoption at companies illuminated technical and organizational challenges. Resistance often stems from the cost and complexity of transitioning existing systems, despite Rust’s promise of enhanced security and memory safety.The Future of Human-Centered SecurityLooking ahead, Dr. Fulton emphasized the importance of addressing how developers trust and interact with tools like large language models (LLMs) for code generation. Her team is exploring ways to enhance these tools, ensuring they provide secure code suggestions and help developers recognize vulnerabilities.The episode concluded with a call to action for organizations to support research in this area and cultivate a security-first culture. Dr. Fulton underscored the potential of collaborative efforts between researchers, developers, and companies to improve security outcomes.By focusing on human factors and fostering supportive environments, organizations can significantly advance secure software development practices.____________________________Guests: Dr. Kelsey Fulton, Assistant Professor of Computer Science at the Colorado School of MinesWebsite | https://cs.mines.edu/project/fulton-kelsey/Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin____________________________View This Show's SponsorsImperva | https://itspm.ag/imperva277117988LevelBlue | https://itspm.ag/levelblue266f6cThreatLocker | https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesKelsey Fulton Biography: https://kfulton121.github.io/___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc
    続きを読む 一部表示

あらすじ・解説

The latest episode of Redefining CyberSecurity on ITSPmagazine featured a thought-provoking discussion about integrating human factors into secure software development. Host Sean Martin was joined by Dr. Kelsey Fulton, Assistant Professor at the Colorado School of Mines, and Julie Haney, a computer scientist at the National Institute of Standards and Technology. The conversation explored how human-centered approaches can strengthen secure software practices and address challenges in the development process.A Human-Centered Approach to SecurityDr. Fulton shared how her research focuses on the human factors that impact secure software development. Her journey began during her graduate studies at the University of Maryland, where she was introduced to the intersection of human behavior and security in a course that sparked her interest. Her projects, such as investigating the transition from C to Rust programming languages, underscore the complexity of embedding security into the software development lifecycle.The Current State of Secure DevelopmentOne key takeaway from the discussion was the tension between functionality and security in software development. Developers often prioritize getting a product to market quickly, leading to decisions that sideline security considerations. Dr. Fulton noted that while developers typically have good intentions, they often lack the resources, tools, and organizational support necessary to incorporate security effectively.She highlighted the need for a “security by design” approach, which integrates security practices from the earliest stages of development. Embedding security specialists within development teams can create a cultural shift where security becomes a shared responsibility rather than an afterthought.Challenges in Adoption and EducationDr. Fulton’s research reveals significant obstacles to adopting secure practices, including the complexity of tools and the lack of comprehensive education for developers. Even advanced tools like static analyzers and fuzzers are underutilized. A major barrier is developers’ perception that security is not their responsibility, compounded by tight deadlines and organizational pressures.Additionally, her research into Rust adoption at companies illuminated technical and organizational challenges. Resistance often stems from the cost and complexity of transitioning existing systems, despite Rust’s promise of enhanced security and memory safety.The Future of Human-Centered SecurityLooking ahead, Dr. Fulton emphasized the importance of addressing how developers trust and interact with tools like large language models (LLMs) for code generation. Her team is exploring ways to enhance these tools, ensuring they provide secure code suggestions and help developers recognize vulnerabilities.The episode concluded with a call to action for organizations to support research in this area and cultivate a security-first culture. Dr. Fulton underscored the potential of collaborative efforts between researchers, developers, and companies to improve security outcomes.By focusing on human factors and fostering supportive environments, organizations can significantly advance secure software development practices.____________________________Guests: Dr. Kelsey Fulton, Assistant Professor of Computer Science at the Colorado School of MinesWebsite | https://cs.mines.edu/project/fulton-kelsey/Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin____________________________View This Show's SponsorsImperva | https://itspm.ag/imperva277117988LevelBlue | https://itspm.ag/levelblue266f6cThreatLocker | https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesKelsey Fulton Biography: https://kfulton121.github.io/___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc
続きを読む 一部表示

From Code to Confidence: The Role of Human Factors in Secure Software Development | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Kelsey Fulton | Redefining CyberSecurity with Sean Martinに寄せられたリスナーの声

カスタマーレビュー:以下のタブを選択することで、他のサイトのレビューをご覧になれます。

Audible.co.jp

Amazon.co.jp
レビューはまだありません。