Abstract: The US National Vulnerability Database indicates an ever-upward trend in reported vulnerabilities. Attackers only get more motivated, more aggressive, and more intelligent. The 2022 Verizon Data Breach report summarized the most recent trend, “… the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months.” The attackers are expanding their paths into software systems (a.k.a. their attack vectors) and searching for the weakest links in systems, which is often the system user. Detecting and responding to vulnerabilities is the least efficient and most reactive way to deal with security. Proactively designing and building security into software systems, languages, and frameworks is more efficient and effective, involving all software engineering. In this talk, I will summarize trends in software security research in software engineering venues over the past three years and identify opportunities for expanding software security research in software engineering.

Bio: Laurie Williams is a Distinguished University Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Laurie is a co-director of the NCSU Science of Security Lablet. She is also the Chief Cybersecurity Technologist of the SecureAmerica Institute. Her research focuses on software security; agile software development practices and processes, including continuous deployment; and software reliability, software testing and analysis. Laurie is an NSF CAREER award winner, an ACM Distinguished Scientist, and an IEEE Fellow.