HuaHana: a productivity platform for usable and secure software design

Everyone agrees that security needs to be 'built in' to the design of software. To incorporate security into any design, it must meet the goals and expectations of its customers. Yet, besides platitudes, there are no tools on the market illustrating how to do this. Advances in software engineering mean that development and testing practices are getting closer, but the gap in tools and practices between usability & security design and software development remain wide. The gap is not helped by limited, adhoc tools that security and usability design practitioners use to improve their productivity during design.

Our solution to this problem is HuaHana: a productivity platform for usable and secure software design.
HuaHana provides tools that usability specialists, security engineers, and software architects can use for contributing design data, and visualising not just the software being designed, but its broader context of use. Because the tools fit the practices of security, usability, and software designers, HuaHana makes it possible to evaluate a software product's threat model, or identify potential usability issues leading to human error or misuse early in a product's life.
HuaHana also closes the gap between design and development & testing. HuaHana models are easy to create using common development tools, and HuaHana provides an API that developers can use to build extensions for their own productivity tools. This makes it possible to derive test cases for HuaHana models, and exchange information with development productivity tools like GitHub and JIRA.

HuaHana pushes the current 'DevSecOps' paradigm to 'DesignSecOps' because design models are not simply forgotten when development commences, but integrated into development and testing activities. This makes it possible to use continuous integration testing to evaluate the impact of changes to usability expectations or contexts of use.