Software bugs underlie many security vulnerabilities, and have proven impossible to eradicate in practical settings. Indeed, new bugs and classes of bugs are found all the time, and one can safely assume that security-critical zero-day bugs lie dormant in any given software artifact one might consider. Yet, life must go on, and so we have learned to co-exist with bugs despite their ubiquity and the danger they pose. In this talk, I will present several lines of research that in one way or another address one central question: How do we obtain security in a buggy world? Along the way, we will discuss novel techniques for efficient bug-finding, how to rigorously evaluate bug-finding techniques, and new approaches for containing bugs and those that would exploit them.