Last year, we asked 75 developers to validate five certificates and understand the error messages they got. Why did or didn't they succeed? What were the most common misconceptions? What resources did people use to determine the security consequences? Can we improve the situation by creating better documentation?
In our research, we focused on error messages and documentation regarding the validation of TLS certificates. We'll present insights from the DevConf 2018 research booth, answering the questions from the previous paragraph.
We use TLS certificate validation as a real-world example to spark conversation on usable security and developer experience. This research is part of the academic cooperation between Red Hat and Masaryk University.
Passionate about usable security, user experience, teaching and experiential learning. Actively organizing educational events in the community "Instruktoři Brno". Ceaselessly fascinated by the world.