Posted: chirayu on  Mar 23 11:01:27 PM
Title: Introducing The Vulnerability History Project  
Andy Meneely, PhD
Rochester Institute of Technology
Robert Dyer, PhD
Bowling Green State University
Sponsor: Association for Computing Machinery
Date: May 04, 2017 12:00 PM - 1:00 PM
Location: Online - Webinar


A critical piece of securing our nation's digital infrastructure is to reduce vulnerabilities in software. Vulnerabilities, while prevalent in the media and national conversation, are rare occurrences in software, existing in only approximately 1% of source code files. While many vulnerabilities look like simple coding mistakes, preventing these vulnerabilities is extraordinarily difficult as they are small, difficult to test for, and require an attacker mindset to think of. Software engineering researchers have been studying how these vulnerabilities manifest themselves in software from an empirical, evidence-based perspective. While research knowledge has proven useful to academic audiences, the stories of how vulnerabilities arise in software have yet to gain a wider audience, namely in students and professional software engineers.

In this webinar, Dr. Andy Meneely will discuss his efforts to create the Vulnerability History Project (VHP). The VHP is a data source, a collaboration platform, and a visual tool to explore the engineering failures behind vulnerabilities. The VHP is a collaboration among undergraduate students, security researchers, and professional software engineers to aggregate, curate, annotate, and visualize the history behind thousands of vulnerabilities that are patched in software systems every year. This data curation project allows researchers to conduct in-depth studies of open source products, as well as educate software engineers-in-training and in the field on what can go wrong in their software project that leads to vulnerabilities.


Andy Meneely
Assistant Professor
Rochester Institute of Technology

Andy Meneely has been an assistant professor of Software Engineering at RIT since 2011. His research and teaching are focused on how software engineers can build secure systems, and how we can learn from software project histories in both quantitative and qualitative ways. Andy received his PhD in Computer Science at North Carolina State University in Raleigh, North Carolina under Laurie Williams. His doctoral dissertation, titled "Investigating the Relationship between Developer Collaboration and Software Security", involved formulating metrics to examine the socio-technical structure of software development teams using social network analysis. His research has resulted in many top-tier academic publications. He also earned his Master's at NCSU in 2008. Andy received his Bachelor of Arts at Calvin College, Grand Rapids, MI, where he was a double major in Computer Science and Mathematics.

Robert Dyer
Assistant Professor
Bowling Green State University

Robert Dyer is an Assistant Professor in the Department of Computer Science at Bowling Green State University. He received his Ph.D. from Iowa State University in 2013. His research areas are Software Engineering, Big Data applications, and Programming Languages. Currently his research focuses on the Boa project, which provides a domain-specific language and infrastructure to allow researchers to easily mine a very large number of software repositories. Robert has served on the program committee for Modularity and OOPSLA Artifacts and reviewed for journals such as Empirical Software Engineering. He is currently a member of ACM SIGSOFT and SIGPLAN, and the ACM SIGSOFT Webinar Coordinator.

©2009-2021 CoMeT - Supported by Google Grant
School of Information Sciences, University of Pittsburgh, 135 North Bellefield Avenue, Pittsburgh, PA 15260