Are easily usable security libraries possible and how should experts work together to create them?

TL;DR

This paper discusses the challenges in creating easily usable security libraries for non-expert developers and emphasizes the importance of collaboration among cryptographic and usability experts to improve security tools.

Contribution

It highlights the need for interdisciplinary collaboration to enhance the usability of security libraries and addresses the difficulties in making security tools accessible to non-experts.

Findings

Security libraries are often not easily usable by non-experts

Collaboration among cryptography and usability experts is crucial

Usability improvements can reduce vulnerabilities in security applications

Abstract

Due to non-experts also developing security relevant applications it is necessary to support them too. Some improvements in the current research may not reach or impact these developers. Nonetheless these developers use security libraries. There are findings that even their usage is not easily possible and applications are left vulnerable to supposedly treated threats. So it is important to improve the usability of the security libraries. This is itself is not straightforward because of a required maturing process for example. By getting together experts of different involved areas, especially cryptographic and API-usability experts, both of the problems can be tackled.