Allan Schiffman has sorted through the papers from the DIMACS Workshop on Usable Privacy and Security Software, and has summaries and recommendations in “Bad Security = Bad UI?.”

[Update: Oh, the irony of a conference on usability naming all their files things like "blaze.pdf" or "garfinkel.ppt"-- how about "blaze-usable-privsec.pdf," so I can easily archive the files?]