Speaker: Yonghee Shin
Title: Using Traditional Fault Prediction Metrics as Indicators of Software Vulnerabilities
Date/Time: Tuesday, 9/18/2012 @ 12pm
Location: 4201, Engineering Building
According to the Digital Forensics Association, the cost of security breaches that occurred between 2005 and 2010 reached $139 billion. The National Institute of Standards & Technology reports that the annual cost of inadequate infrastructure for software testing is estimated at between $22 and $60 billion. Given the limited resources in organizations, it is essential to prioritize software testing effort toward the most problematic areas of code. If problematic code has measurable attributes that distinguish it from non-problematic code, then those attributes can be used to prioritize software testing effort. This talk discusses results from empirical studies in which a set of software metrics was used as indicators of software vulnerabilities. It also highlights the challenges and opportunities of using software metrics to find vulnerable code locations.
Yonghee Shin received the BS degree in computer science from Sookmyung Women’s University in Korea and the MS degree in computer science from Texas A&M University. She received the PhD degree in computer science from North Carolina State University. She worked as a postdoctoral researcher at DePaul University and recently joined GMU as a postdoctoral researcher. Her research interests are in software testing and software metrics, focusing on software security and requirements traceability. Before she returned to academia for her MS degree, she worked for Daewoo telecommunications and Samsung SDS in Korea for eight years.