DIMACS Workshop on Software Security

January 6-7, 2003
DIMACS Center, CoRE Building, Rutgers University

Gary McGraw, Cigital, gem@cigital.com
Ed Felten, Princeton University, felten@cs.princeton.edu
Virgil Gligor, University of Maryland, gligor@umd.edu
Dave Wagner, University of California at Berkeley, daw@cs.berkeley.edu
Presented under the auspices of the Special Focus on Communication Security and Information Privacy.


Dan Geer,

Title: Software Security in the Big Picture

Security investment does not yet have the direct linkages to the creation of business value that other IT investments do, and executives cannot hope to show value via cost-benefit -- cost-effectiveness will be hard enough -- but the future unequivocally belongs to the quants. Metrics that make security rational will be vulnerability-modeled and data-calibrated. They will rely on information sharing about incidents (frequency, dollars lost, whether the event was even caught...) and on log analysis that can separate the anomalous from the normal. The National Strategy already focuses on vulnerabilities rather than threats, and SDLCs should include security before software liability takes hold, as it soon will. None of this is surprising -- it is just what business maturity would predict.

Michael Howard, Microsoft

Title: Trustworthy Computing - An Insider's View

In this presentation, Michael Howard will outline the overall Trustworthy Computing goals, as well as the short-term and long-term steps being taken to achieve them. He will also outline the tactical and strategic goals of the series of 'security pushes' at Microsoft, as well as the development life-cycle changes underway at the company.

Brian Kernighan, Princeton University

Title: Coding Excellence: Security as a Side Effect of Good Software

Good programming languages are often thought a prerequisite for robust and secure software. Yet most of the time, language is secondary: sound design and good programming practices are much more important. Good programmers program well in any language, but no language can prevent a bad programmer from writing bad code. So while we wait for more perfect languages to be developed, and then be accepted by the majority of programmers, there is much that we can do today to improve programming practice and thus improve the security properties of our programs.

Gary McGraw, Cigital

Title: The Art and Science of Software Security

Computer security researchers and practitioners have come to recognize the critical role that software plays in security. Software security is the art of proactively building software to be reliable and secure. By contrast, network security tends to emphasize a reactive law enforcement stance, and in many cases does not identify the root cause of security problems (bad software).

Making software behave is hard, and security subtleties only exacerbate the problem. Internet-enabled software applications, especially custom applications, present the most common security risk encountered today, and are the target of choice for real hackers.

This talk provides an introduction to the problem of software security. I discuss the magnitude of the problem and some of the root causes, which I call the trinity of trouble. I briefly discuss security engineering, security requirements, testing for security, and the idea of software risk management. I then propose some open questions meant to stimulate discussion and clarify some aspects of this exciting new field.

Document last modified on September 19, 2002.