Skip to main content

Research Talk:  Empirical Investigations of Secure Development Practices

Date:October 6, 2015 
Talk Title:Empirical Investigations of Secure Development Practices
Speaker:Sam Weber, Senior Research Scientist at SEI
Time & Location:12:00pm - 1:00pm
Panther Hollow Room, CIC Building, Pittsburgh

Abstract

As a community, we’ve now had almost a half-century of experience in attempting to build secure systems. Although in general we’ve made incredible progress in cybersecurity, I argue that we’ve not made proportionate advances in creating and evaluating secure development processes. In this talk, I’ll describe two of my current research projects which aim to address this deficiency by empirically measuring and comparing development practices. The first of these projects investigates API design decisions which lead to more secure code, while the second compares competing threat modeling methodologies. Ultimately, the goal is to allow validation and rational improvement of secure development techniques.

Speaker Bio

Sam Weber’s primary research interests lie in the empirical evaluation of secure development methodologies.  He obtained his PhD from Cornell University on specification and verification, was a faculty member at Cornell University and the University of Pennsylvania, and an IBM T.J. Watson Research Center research staff member.  Before joining the Software Engineering Institute, he served as Program Director for NSF’s Secure and Trustworthy Cyberspace program.