Abstract

Rather than recognizing software engineers' limitations, modern security practice has created an adversarial relationship between security software designers and the developers who use their software to construct applications. Using the example of cryptographic APIs, the authors show that developers aren't the enemy and that, to strengthen security systems across the board, security professionals must focus on creating developer-friendly and developer-centric approaches.