DEV Community


Discussion on: Pushing Left, Like a Boss! -- Part 2: Security Requirements

shehackspurple profile image
Tanya Janca Author

I hear you! I'm a big advocate for usable security features, which means testing with real-live users, not putting someone like me as a tester (because I'm inherently biased, being a security professional).

I am hoping that as the years continue the security industry works harder to make every aspect of security easier and better for the consumer, with the goal of one day having the easiest way to do something will also always be the most-secure way to do it. This is my dream!

I also want to make security easier for Devs. Because right now it is Way. Too. Hard.

Thread Thread
tarialfaro profile image
Tari R. Alfaro

Yeah, it is really hard. I think systems should be designed with security from the start. Like you pointed out in your first article. I really wished the ActivityPub protocol was designed with cryptography implemented, but ... of course. It wasn't. And now we have a standardized social network protocol without confidentiality, and authenticated integrity.. which should've been baked in.

Yep. We are biased.

Things are getting better, slowly. We do have Libsodium for cryptography. Still, even then it can be confusing to those who don't understand.

But there isn't really a way to automatically implement secure code with cryptography built into the heart of it.

Only recently I've started thinking about security for the average user. Obviously still having a hard time ...

Thread Thread
shehackspurple profile image
Tanya Janca Author

This Twitter post might interest you, about notifying users: