Organizational practices in cryptographic development and testing | IEEE Conference Publication | IEEE Xplore

Organizational practices in cryptographic development and testing


Abstract:

Organizations developing cryptographic products face significant challenges, including usability and human factors, that may result in decreased security, increased devel...Show More

Abstract:

Organizations developing cryptographic products face significant challenges, including usability and human factors, that may result in decreased security, increased development time, and missed opportunities to use the technology to its fullest potential. To better identify these challenges, we explored cryptographic development and testing practices by conducting a web-based survey of 121 individuals representing organizations involved in the development of products that include cryptography. We found that participants used cryptography for a wide range of purposes, with most relying on generally accepted, standards-based implementations as guides. However, many also developed their own implementations and drew on nonstandards based resources to inform their development and testing processes. Our results also highlight challenges that incorporating cryptography within products creates within organizations, including the recruitment and management of talent, the product lifecycle, and the ability to explain the security value of products to customers. We conclude by discussing implications of these findings and opportunities for future research.
Date of Conference: 09-11 October 2017
Date Added to IEEE Xplore: 21 December 2017
ISBN Information:
Conference Location: Las Vegas, NV, USA

References

References is not available for this document.