VL/HCC 2020
Tue 11 - Fri 14 August 2020 Dunedin, New Zealand
Wed 12 Aug 2020 14:45 - 15:00 at Zoom Room - Understanding and Helping Developers Chair(s): Scott Fleming

The modern software security adversary employs persistent and evasive attack techniques (for example, using zero-day exploits that have not been disclosed publicly) to target high-profile companies for political and economic espionage or to exfiltrate sensitive data or intellectual property. To combat these threats, large organizations are adopting an emerging practice of staffing full-time offensive security teams, or red teams. To understand the workflows, culture, and day-to-day practices of software security engineers in red teams, we conducted 17 interviews with informants across five red teams within Microsoft. We found that software security engineers have substantial impact in the organization as they harden security practices, drawing from their diverse backgrounds. Software security engineers are agile yet specialized in their activities, and closely emulate malicious adversaries, subject to some reasonable constraints. Although software security engineers are in some respects software engineers, they also have several consequential differences in how they write, maintain, and distribute software. The results of this work are applicable to practitioners, researchers, and toolsmiths who wish to understand how offensive security teams operate, situate, and collaborate with partner teams in their organization.

Wed 12 Aug
Times are displayed in time zone: (GMT-07:00) Pacific Time (US & Canada)

14:15 - 15:08: Research Papers - Understanding and Helping Developers at Zoom Room
Chair(s): Scott Fleming (University of Memphis)
research-papers 14:15 - 14:30
Abdulaziz Alaboudi (George Mason University), Thomas LaToza (George Mason University)
research-papers 14:30 - 14:45
Emad Aghayi (George Mason University), Aaron Massey (George Mason University), Thomas LaToza (George Mason University)
research-papers 14:45 - 15:00
Justin Smith (Lafayette College), Chris Theisen (Microsoft), Titus Barik (Microsoft)
research-papers 15:00 - 15:07
Luiz Felipe Fronchetti Dias (University of São Paulo), Caio Barbosa (PUC-RJ), Gustavo Pinto (UFPA), Igor Steinmacher (Northern Arizona University), Baldoino Fonseca (Federal University of Alagoas (UFAL)), Márcio Ribeiro (Federal University of Alagoas, Brazil), Christoph Treude (The University of Adelaide), Daniel Alencar Da Costa (University of Otago)