Date: March 21, 2019
Time: 11:00 AM - 12:00 PM
Location: Reitz Union, Room 2355
Host: UF CISE Department
Admission: This event is free and open to the public.
Detecting the 1%: Growing the Science of Vulnerability Discovery
Abstract: Daily news reports reveal the increasingly sophisticated security breaches that threaten our national security, our cyber infrastructure, our health, our finances, and democracy itself. Vulnerabilities enable these breaches. Yet, our studies and those of other researchers indicate that detected vulnerabilities are rare events, appearing in about 1-4% of software files. Protecting the American people and the American way of life, as outlined in the 2017 U.S. National Security Strategy, necessitates that organizations detect the 1% of files that contain exploitable vulnerabilities so that they can be remediated. Proactive security review and test efforts are necessary components of the software development life cycle. Resource limitations often preclude reviewing and testing the entire code base. Making informed decisions on what code to review can improve a team’s ability to find and remove more exploitable vulnerabilities. Therefore, engineers looking to prioritize security inspection and testing efforts may be better served by vulnerability-based detection techniques and tools, and effective prediction models. This talk will present an overview of extensive research of vulnerabilities and vulnerability discovery.
Biography: Laurie Williams is a Distinguished Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Laurie is a codirector of the NCSU Science of Security Lablet sponsored by the National Security Agency. Laurie’s research focuses on software security; agile software development practices and processes, particularly continuous deployment; and software reliability, software testing and analysis. In 2018, Laurie was named an IEEE Fellow for contributions to reliable and secure software engineering. Laurie was named an ACM Distinguished Scientist in 2011, and is an NSF CAREER award winner. In 2009, she was honored to receive the ACM SIGSOFT Influential Educator Award. Laurie received her Ph.D. in Computer Science from the University of Utah, her MBA from Duke University Fuqua School of Business, and her BS in Industrial Engineering from Lehigh University.