Skip to ContentSkip to Navigation
Research Bernoulli Institute Calendar

Colloquium Computer Science-Clemente Izurieta

When:Th 24-01-2019 16:00 - 17:00
Where:5173.0045 Linnaeusborg

Title:
On the Technical Debt of Security Weakness and Attacks

Abstract:
Managing technical debt associated with potential security breaches found during design iterations can lead to catching vulnerabilities (i.e., exploitable weaknesses) earlier in the software lifecycle. However, this is not enough because we must act quickly when vulnerabilities are exploited in an operational environment. We leverage SecDevOps to quickly react to attacks on an organization. In this colloquium we will discuss how we use CWE scoring to rank technical debt, and also how to map attack consequences to CWEs so that we can rank technical debt items according to potential impacts.