BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Penn Engineering Events - ECPv6.15.19//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:Penn Engineering Events
X-ORIGINAL-URL:https://seasevents.nmsdev7.com
X-WR-CALDESC:Events for Penn Engineering Events
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:America/New_York
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20180311T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20181104T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20190310T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20191103T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20200308T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20201101T060000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20191105T150000
DTEND;TZID=America/New_York:20191105T160000
DTSTAMP:20260408T093421
CREATED:20191029T152743Z
LAST-MODIFIED:20191029T152743Z
UID:2194-1572966000-1572969600@seasevents.nmsdev7.com
SUMMARY:CIS Seminar: "Contesting Secure Development to Understand Security Mistakes"
DESCRIPTION:Abstract:\nWith the ongoing\, frequent disclosure of the existence and exploitation of security vulnerabilities\, one might wonder: How can we build software that is more secure? In an attempt to focus educational attention on this question\, and gather empirical evidence at the same time\, we developed the Build it\, Break it\, Fix it (BIBIFI) security-oriented programming contest. In BIBIFI\, teams aim to build specified software that should be correct\, efficient\, and secure. These goals mimic those of the real world. Security is tested when teams attempt to break other teams’ submissions. Winners are chosen from among the best builders and the best breakers. BIBIFI was designed to be open-ended — teams can use any language\, tool\, process\, etc. that they like.\n\nWe ran three 6-week contests involving a total of 156 teams from across the world\, and three different programming problems. Most participants had previous development experience and security education. Quantitative analysis from these contests found several interesting trends. For example\, the most efficient build-it submissions used C/C++\, but submissions coded in a statically type-safe language were 11× less likely to have a security flaw than C/C++ submissions. A manual\, in-depth qualitative analysis (using iterative open coding) of the vulnerabilities in 76 of these projects also revealed interesting trends. For example\, the analysis found that simple mistakes were least common: only 26% of projects introduced such an error. Conversely\, vulnerabilities arising from a misunderstanding of security concepts were significantly more common: 84% of projects introduced at least one such error. Overall\, our results have implications for improving secure-programming language choices\, API designs\, API documentation\, vulnerability-finding tools\, and security education.\n\nThis is joint work with James Parker\, Andrew Ruef\, Dan Votipka\, Kelsey Fulton\, Matthew Hou\, Michelle Mazurek\, and Dave Levin\, all at the University of Maryland.
URL:https://seasevents.nmsdev7.com/event/cis-seminar-contesting-secure-development-to-understand-security-mistakes/
LOCATION:Wu and Chen Auditorium (Room 101)\, Levine Hall\, 3330 Walnut Street\, Philadelphia\, PA\, 19104\, United States
END:VEVENT
END:VCALENDAR