Idea-caution before exploitation:the use of cybersecurity domain knowledge to educate software engineers against software vulnerabilities

The transfer of cybersecurity domain knowledge from security experts (‘Ethical Hackers’) to software engineers is discussed in terms of desirability and feasibility. Possible mechanisms for the transfer are critically examined. Software engineering methodologies do not make use of security domain knowledge in its form of vulnerability databases (e.g. CWE, CVE, Exploit DB), which are therefore not appropriate for this purpose. An approach based upon the improved use of pattern languages that encompasses security domain knowledge is proposed

Death adder envenoming causes neurotoxicity not reversed by antivenom - Australian snakebite project (ASP-16)

BACKGROUND: Death adders (Acanthophis spp) are found in Australia, Papua New Guinea and parts of eastern Indonesia. This study aimed to investigate the clinical syndrome of death adder envenoming and response to antivenom treatment. METHODOLOGY/PRINCIPAL FINDINGS: Definite death adder bites were recruited from the Australian Snakebite Project (ASP) as defined by expert identification or detection of death adder venom in blood. Clinical effects and laboratory results were collected prospectively, including the time course of neurotoxicity and response to treatment. Enzyme immunoassay was used to measure venom concentrations. Twenty nine patients had definite death adder bites; median age 45 yr (5-74 yr); 25 were male. Envenoming occurred in 14 patients. Two further patients had allergic reactions without envenoming, both snake handlers with previous death adder bites. Of 14 envenomed patients, 12 developed neurotoxicity characterised by ptosis (12), diplopia (9), bulbar weakness (7), intercostal muscle weakness (2) and limb weakness (2). Intubation and mechanical ventilation were required for two patients for 17 and 83 hours. The median time to onset of neurotoxicity was 4 hours (0.5-15.5 hr). One patient bitten by a northern death adder developed myotoxicity and one patient only developed systemic symptoms without neurotoxicity. No patient developed venom induced consumption coagulopathy. Antivenom was administered to 13 patients, all receiving one vial initially. The median time for resolution of neurotoxicity post-antivenom was 21 hours (5-168). The median peak venom concentration in 13 envenomed patients with blood samples was 22 ng/mL (4.4-245 ng/mL). In eight patients where post-antivenom bloods were available, no venom was detected after one vial of antivenom. CONCLUSIONS/SIGNIFICANCE: Death adder envenoming is characterised by neurotoxicity, which is mild in most cases. One vial of death adder antivenom was sufficient to bind all circulating venom. The persistent neurological effects despite antivenom, suggests that neurotoxicity is not reversed by antivenom.Christopher I. Johnston, Margaret A. O, Leary, Simon G. A. Brown, Bart J. Currie, Lambros Halkidis, Richard Whitaker, Benjamin Close, Geoffrey K. Isbister, for the ASP investigator

Reconciling Usability and Security: Interaction Design Guidance and Practices for On-Line User Authentication.

Usability and security are often portrayed as though they are competing priorities in information systems development. Given that both are essential to the design of an effective system, it is important that these two prerogatives should be reconciled. In recent years, there is growing concern with the rising incidence of on-line impersonation, theft and other types of fraud. It is therefore important that an information system must have a secure and rigorous way of authenticating a user¿s identity. This paper reviews the sources of literature on interactive design guidance for on-line user authentication, and then compares the actual practices of a purposefully selected sample of twelve Websites against the recommendations from the literature. Alarmingly, the findings of this study are that many Websites have user authentication processes which contain basic design flaws that are potentially open to exploitation by Internet criminals

Management of paediatric acute severe behavioural disturbance in emergency departments across Australia: A PREDICT survey of senior medical staff

Objective: Acute severe behavioural disturbance (ASBD) is a condition seen with increasing frequency in EDs. It poses a significant risk to the patient and those around them. Little is known about the epidemiology or most effective management in the paediatric population. The aim of the present study is to clarify the practice of senior emergency doctors in Australia when managing paediatric ASBD. Methods: The present study was a voluntary electronic questionnaire distributed to and undertaken by senior medical staff in EDs affiliated with the Paediatric Research in Emergency Departments International Collaborative (PREDICT) network. Respondents reported on exposure to and confidence in managing paediatric ASBD and their current practices. Results: A total of 227 (33%) clinicians completed the survey between February and May 2020. Most clinicians were caring for at least two young people with ASBD each week (72%), felt confident regarding the majority of components of management and referred to local clinical practice guidelines (69%). Agitation/ sedation rating scales were seldom used (19%). There was a significant variation in self-reported management practices. The choice of whether to use medication at all, the medication chosen and route of administration all varied greatly. Respondents were more willing to provide parenteral medication to young people reported as having recreational drug intoxication (84%) than those with neurodevelopment disorders (65%) when the same degree of agitation was reported. Conclusions: Within Australia, there is considerable variation in paediatric ASBD practice, in particular regarding medication provision. Further prospective research is required to inform best clinical practice.Elyssia M Bourke, Jonathan C Knott, Simon Craig, and Franz E Babl, on behalf of the Paediatric Research in Emergency Departments International Collaborative (PREDICT) Research Networ