The high-profile attacks and data-breaches of the last few years have shown us the importance of securing our software. While it is good that we are seeing more tools that can analyze systems for vulnerabilities, this does not help the programmer write secure code in the first place. To prevent security from becoming a bottleneck–and expensive security mistakes from becoming increasingly probable–we need to look to techniques that allow us to secure software by construction.
This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. Even though these are reasonable ideas, however, the gap between academia and industry often prevents these ideas from becoming realized in practice. Second, I will discuss what prevents longer-term security solutions from being commercialized, how we started the Cybersecurity Factory accelerator bridge the research/industry gap, and how we can work together to address the issues that remain.
Jean Yang is an Assistant Professor at Carnegie Mellon University in the Computer Science Department. She completed her PhD at MIT in 2015 and is spending the 2015-2016 academic year at Harvard Medical School. For her PhD thesis she created the Jeeves programming language for automatically enforcing security and privacy policies. Her work on Verve, an operating system verified automatically and end-to-end for type safety, won Best Paper Award at the Programming Language Design and Implementation Conference.