Over the past two decades the application security landscape has evolved, including the transition from on-premise environments to cloud-based ones, which transformed the way development teams work: they now rely heavily on continuous integration and continuous delivery. For application security, this presented new challenges, with a transition to a DevSecOps model in which security is integrated at different levels of the software process, with different constraints on the integration of appsec tools. In this talk we share our experience from close to two decades of research in the vulnerability space, aimed at scaling vulnerability detection methods to billions of lines of code while keeping the results from these tools precise. Our insights led to the Intelligent Application Security (IAS) vision: an integrated approach to improving application security that includes security issue prevention and remediation. We show how one can combine program analysis and synthesis techniques with LLM-based techniques to achieve our vision. These improvements lead not only to better security but also to improved developer productivity.
| Slides (SoftwareAssurance-Labs-ICSME-Sept2025-Final.pdf) | 2.42MiB | 
Thu 11 Sep (displayed time zone: Auckland, Wellington)
| 09:00 - 10:00 | Keynote 2 (plenary), ICSME Plenary Events, at OGGB4 260-073. Chair(s): Stephen MacDonell (Victoria University of Wellington), Amjed Tahir (Massey University), Dan Hao (Peking University), Matthias Galster (University of Canterbury) |
| 09:00, 60m, Keynote | From Vulnerability Detection to DevSecOps Productivity (ICSME Plenary Events) |

