*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Summary Sentence: Dan Votipka is an assistant professor at Tufts who has done interesting usable security research related to software vulnerabilities
Full Summary: No summary paragraph submitted.
SCP Title CardTitle: Vulnerability Discovery for All: A Human-Centric Approach to Software Vulnerability Discovery
Abstract: Software vulnerabilities persist as an important and costly challenge. Significant effort has been exerted toward automatic vulnerability discovery, but human intelligence generally remains required, and will remain necessary for the foreseeable future. Unfortunately, the pool of experts qualified to perform vulnerability discovery is small and homogeneous, leading to negative outcomes such as labor shortages and a lack of perspective diversity. In this talk, I will present the results of multiple studies investigating the humans at the center of vulnerability discovery. I will discuss the technical (e.g., the processes they follow to find vulnerabilities), along with the social (e.g., how they interact with others and navigate the bug bounty landscape) aspects of their work. From these results, I will lay out recommendations for developing more usable tooling, effective education, and more welcoming communities to make vulnerability discovery more approachable and inclusive.
Bio: Dr. Daniel Votipka is the Lin Family Assistant Professor in the Department of Computer Science at Tufts University. He received his PhD in Computer Science from the University of Maryland. His work focuses on understanding the processes and mental models of professionals who perform security-related tasks such as secure development, vulnerability discovery, network defense, and malware analysis to make security work more accessible and inclusive through improvements in automation, education, and policy. His work has been recognized with multiple best paper awards at top security and HCI venues and he was a recipient of the John Karat Usable Privacy and Security Student Research Award. Previously, he served in the US Air Force as a Cyber Warfare Officer assigned to the National Security Agency.
