Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Adam Shostack here. At the end of BlueHat v10, I gave a 5 minute talk on Elevation of Privilege. I didn't have a slide deck, but rather a card deck, and so wanted to blog what I'd said and why it matters to those of you working to bring secure development to your organizations. Let me start with that.
Elevation of Privilege is a game for security. You can see the how & a bit of the why here. Now, it sounds strange to talk about a game for security. Security is serious stuff. We’re serious about it, and if you’re reading this blog, so are you.
As Michael Howard said in his keynote, security experts are often tremendously engaged and passionate about security. We know that we need to do it. Being serious about it doesn’t mean experts don’t have fun threat modeling. And when we bring some of the things we need to do to non-experts, they have a harder time getting into it. We need to bring security to developers and managers in ways which are understandable and engaging.
Games can help us make security activities more interesting and accessible.
So I want to talk a bit about why the game works and then how to make your own game.
First, why does a game help overcome cultural barriers?
And second, games are fun. You should make a game. Here's how I did it.
Making a game is fun, impactful and rewarding way to bring new ideas and new practices to your organization. If you’re having trouble rolling out secure development practices, why not try Elevation of Privilege or a game of your own?