Cybersecurity is an integral and essential part of dependability. Numerous everyday life and work activities, critical infrastructure, and national security must be protected from cyberattacks carried out by criminals, terrorists, or nation states. A significant number of these cyberattacks and data breaches are due to the exploitation of software vulnerabilities. The emphasis of this talk is on a proactive approach to software security through secure software development and verification & validation. The talk will first focus on the characterization of software vulnerabilities based on an empirical investigation of data extracted from bug tracking systems, which leads to the creation of vulnerability profiles that determine where and when security vulnerabilities are introduced and what the dominant vulnerability classes are. Then, the focus will shift to the automated classification of software bug reports as security related (i.e., vulnerabilities) or non-security related, using both supervised and unsupervised machine learning approaches. The talk will also address the benefits of the research findings and discuss the challenges and some approaches for future research in this area.
Professor, Lane Department of Computer Science and Electrical Engineering
West Virginia University
Katerina Goseva-Popstojanova is a Professor at the Lane Department of Computer Science and Electrical Engineering, West Virginia University, Morgantown, WV. Her research interests are in software engineering, cybersecurity, data analytics, and higher education in these areas. She received the National Science Foundation CAREER award in 2005 and has served as a Principal Investigator on various NSF, NASA, and industry-funded projects. She is leading the B.S. in Cybersecurity program and serving as an Academic Coordinator of the online M.S. in Software Engineering program. She has advised over 40 M.S. and Ph.D. students. She serves as an Associate Editor of the IEEE Transactions on Reliability and General Co-Chair of ISSRE 2022. She has served as a Program Co-Chair of QRS 2021 and ISSRE 2007, and as a Guest Editor of the IEEE Transactions on Software Engineering and IEEE Transactions on Reliability. She has served on program and organizing committees of many international conferences and workshops.