I'm probably being imprecise. There's a big and important discipline of assessing the usability of a system and the impact of all the affordances the interface of a system provides. I believe that also takes a special skillset, and it's a skillset I'm happy to see new initiatives like this taking on.
I am not suggesting that security usability (or, to keep it technical, security UX) is easy, or that software security practices are necessarily good at it.
I am not suggesting that security usability (or, to keep it technical, security UX) is easy, or that software security practices are necessarily good at it.