"The Scalability of Vulnerability Analysis"
Analyzing software for vulnerabilities is an important capability in ensuring the security of a computing system. As software has become more complex and ubiquitous, however, traditional vulnerability analysis techniques have failed to scale with the software. This talk will look through some of the history of vulnerability analysis, starting with manual analysis and simple fuzzing, and will move into modern intelligent fuzzing and symbolic execution. Trade-offs between analysis effectiveness and scalability will be discussed throughout, and the talk will conclude by looking at the potential future of hybrid human-computer vulnerability analysis.
Kennon Bittick is a research scientist at the Georgia Tech Research Institute's CIPHER Lab (Cybersecurity, Information Protection, and Hardware Evaluation Research Laboratory in Atlanta. Bittick contributes to the software assurance group within CIPHER. Past work includes Apiary, a community-focused threat intelligence tool developed by GTRI.
The Cybersecurity Lecture Series at Georgia Tech is a free, one-hour lecture from a thought leader who is advancing the field of information security and privacy. Invited speakers include executives and researchers from Fortune 500 companies, federal intelligence agencies, start-ups and incubators, as well as Georgia Tech faculty and students presenting their research. Lectures are open to all -- students, faculty, industry, government, or simply the curious.