A Tale of Two Tasks: Designing and Validating Secure Software

Abstract

Secure software development can be categorized into two major tasks: designing secure software and validating secure software. In this talk, we will review both categories as well as some resources helpful for continuous learning. Designing secure software requires being aware of good design patterns as well as avoiding patterns that are famous for introducing common bugs. Validating the security of a particular piece of software is an undecidable problem: there is no analysis that can guarantee that software is bug-free, but that doesn’t mean that the attempt should not be made. By narrowing the scope of what guarantees are made during analysis, one can collect actionable information both by statically inspecting code/binaries and dynamically running the program under analysis. We will discuss various techniques for both types of analysis.