Dr Andrew V. Jones will present “Dynamically Proving That Security Issues Exist” at the National Institute of Standards and Technology’s (NIST) Software Measures and Metrics to Reduce Security Vulnerabilities Workshop on Tuesday, July 12, 2016 at 1:40 PM ET in the Green Auditorium at NIST in Gaithersburg, Maryland.
Dr Jones’ presentation will focus on more accurate ways to perform security testing to find and prove the legitimacy of vulnerabilities, significantly reducing false positive results.
Static analysis solutions on the market today, while very useful, still produce high numbers of false positive results during software testing. This leaves security engineers searching for a “needle in a haystack” when identifying genuine risks. Through his research and case studies, Dr Jones will discuss methods for delving deeper into software security issues, how to mitigate false positives and which particular metrics to look for when assessing the security of a given system.
As part of the Federal Cybersecurity Research and Development Strategic Plan, the goal of NIST’s workshop “is to gather ideas on how the Federal Government can best use taxpayer money to identify, improve, package, deliver, or boost the use of software measures and metrics to significantly reduce vulnerabilities.” You can find the full agenda and more information here.