Open Source Design

The UI Layer of Security: What could go wrong?

We spend enormous amounts of time and money auditing code for security holes. Whole industries are built around it. But for all that effort, we rarely look at the part of the system that is actually clicking the buttons and interpreting the warnings. The person with Dorito dust on their fingers and a coffee ring permanently branded on their desk, someone just trying to get things done in a tool that may or may not be helping them make safe decisions. A surprising number of real-world security failures happen not because the code is flawed, but because the interface leaves too much room for dangerous misunderstandings.

Drawing on our work at Ura with security-critical and open source projects, this talk explores how the user experience itself can introduce or amplify security risks and why these issues often slip through traditional code-focused reviews. We will look at memorable examples of user-driven failures, outline common UX surfaces where security risks emerge, and show why auditing the human side of the system is just as critical as auditing the code.

Additional information

Live Stream https://live.fosdem.org/watch/ub4132
Type devroom
Language English

More sessions

2/1/26
Open Source Design
Eriol Fox
UB4.132
After working on a 12+ week project looking at how to express in the varied UIs of three package repositories (npm, PyPI and RubyGems) we can now see more clearly what developers, across skill and knowledge levels, use in package repository pages to make a decision on the security of an OSS located on a registry. These decisions are critical for better understanding trust, value, social proof and the knowledge of secure practices across developers and helps answer the question: how much do ...
2/1/26
Open Source Design
Caroline Sinders
UB4.132
What does safety look like in the age of Grok, misinformation, doxxing, and technology company founders imposing their own views of safety, surveillance, and ethics on their platforms? As a former trust and safety employee of the Wikimedia Foundation, and online gender-based violence expert with over a decade of experience, this talk will cover new design patterns, best practices, and product tooling to help achieve safety, security and foster trust for all types of communities online, but ...
2/1/26
Open Source Design
UB4.132
Gephi Lite is a web-based open-source network visualization tool built by a three-person engineering team. After two years of development, we had a functional application—and a nagging feeling that our interface wasn't working for users. The problem: we lacked the skills to diagnose what was wrong, let alone fix it. So we brought in Arthur Desaintjan, a design intern, to help us figure it out. In this talk, we'll share how we approached design at a ...
2/1/26
Open Source Design
Andres Betts
UB4.132
Design systems evolved the process by which UI graphics are made, complete with automation and deep integration. However, Open Source communities were left out of this bandwagon as most of the applications providing these capabilities were for pay or very limited for users. Fortunately, a new wave of design system applications, led by PenPot, has made an appearance with a bold strategy and Open Source at its core. As such, KDE Plasma saw an opportunity to build something unique to develop ...
2/1/26
Open Source Design
Archita Gorle
UB4.132
Open source thrives on contributions from developers, testers, and community builders, but design often gets left behind. With far fewer dedicated designers in FOSS than in the commercial tech world, usability issues go unaddressed, and end users feel the friction. The good news: you don’t need a design degree or a new job title to make a difference. In this talk, I’ll show how any contributor can use simple, practical design methods to identify and solve UX issues in their favorite open ...
2/1/26
Open Source Design
Otto Richter
UB4.132
Understanding your users should be an important step of software development. In recent years, many end-user facing FLOSS communities integrated at least some aspects of design into their development. Unfortunately, most developer-centric projects still haven't started to even think about it. This talk concludes two years of user research in Forgejo, a Git-backed software forge and collaboration platform. Forgejo can be self-hosted or used on a public instance like Codeberg.org to ...
2/1/26
Open Source Design
Dmitriy Kostiuk
UB4.132
The talk considers usage of eye trackers to track usability issues in FLOSS. The use of consumer-grade hardware eye trackers is considered for cases when there is an SDK for Linux available, and when there is not. A webcam-based software eye tracking approach is considered as well and compared with hardware eye tracking using illustrative examples. Visualization of short-term and long-term eye tracking data series is explained with sample code for Graphviz and GNU Octave. Examples of eye ...