Why We Need a Science for Software Security presented at ESSoS 2013

by Laurie Williams

Tags: Security

Summary: Cyber systems must inspire trust and confidence, comply with applicable security and other policies, predictably protect the integrity of data and resources as well as the privacy of data owners, and perform reliably and safely. For this predictability, scientific principles must underlie the design, analysis and operation of these systems because adversaries present ever-changing threats. Solving today’s security problems with targeted “engineering” solutions will not help us outsmart the adversaries. The determination to attack these hard security problems through the advancement of science drives an emphasis on being explicit regarding the scoping of problems, on hypothesis formation, on data gathering, and on analysis of that data. This explicitness can have significant benefits in supporting appraisals of the operational significance of work, and thus in transitioning research results into practice.