Photo by Samuel Zeller on Unsplash
Shamal Faily has recently been awarded funding through Innovate UK’s Cybersecurity Academic Startup Programme to develop value propositions around a commercial derivative of the open-source CAIRIS called HuaHana: a productivity platform for usable and secure software design.
HuaHana will provide tools that usability specialists, security engineers, and software architects can use for contributing design data, and visualising not just the software being designed, but its broader context of use. Because the tools fit the practices of security, usability, and software designers, HuaHana will make it possible to evaluate a software product’s threat model, or identify potential usability issues leading to human error or misuse early in a product’s life.
HuaHana will also close the gap between design and development & testing. HuaHana models will be easy to create using common development tools, and HuaHana will provide an API that developers can use to build extensions for their own productivity tools. This will make it possible to derive test cases for HuaHana models, and exchange information with development productivity tools like GitHub and JIRA.
HuaHana pushes the current ‘DevSecOps’ paradigm to ‘DesignSecOps’ because design models are not simply forgotten when development commences, but integrated into development and testing activities. This makes it possible to use continuous integration testing to evaluate the impact of changes to usability expectations or contexts of use.