Security Vulnerabilities in Configuration Scripts: Lessons Learned and Opportunities Moving Forward (SVM 2025)

Track

SVM 2025 Software Vulnerability Management

This program is tentative and subject to change.

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Sat 3 May 2025 09:10 - 10:30 at 204 - Morning Session

Abstract

Configuration scripts are used to automatically manage computing infrastructure. Despite playing a pivotal role in setting up modern computing infrastructure, security vulnerabilities in configuration scripts can lead to serious consequences. As part of my presentation, I will discuss recent research efforts, what lessons can we learn, and the opportunities this domain presents.

Bio

Akond Rahman is an assistant professor at Auburn University. His research interests include DevOps and Secure Software Development. He graduated with a PhD from North Carolina State University, an M.Sc. in Computer Science and Engineering from University of Connecticut, and a B.Sc. in Computer Science and Engineering from Bangladesh University of Engineering and Technology. He won the ACM SIGSOFT Doctoral Symposium Award at ICSE in 2018, the ACM SIGSOFT Distinguished Paper Award at ICSE in 2019, the CSC Distinguished Dissertation Award, and the COE Distinguished Dissertation Award from NC State in 2020. He actively collaborates with industry practitioners from GitHub, WindRiver, and others. To know more about his work visit https://akondrahman.github.io/