Software Security Expert Judgment Workshop 2014

Attending this workshop will benefit all persons performing or estimating software reverse engineering tasks.

You may attend the workshop even if not participating in the research study.  Participation is not limited to JHU-APL employees and readers are encouraged to invite their qualified colleagues.

Please contact REuben Johnston at 2402285869 or REuben (dot) Johnston (at) jhuapl (dot) edu to register for a workshop or for more information.

Information session slides are available here

Information sessions:
  • Wednesday, August 20, 1230-1300
  • Wednesday, September 3, 1230-1300
  • Wednesday, September 10, 1230-1300


Workshop dates:

  • Pilot Session, Saturday, August 23, 1400-1830, Building 1-Howard County Room 3 (back of Cafeteria)
  • Lunchtime Series I, Monday-Thursday, September 15-18, 1200-1300, B17-N431
  • Lunchtime Series II, Monday-Thursday, September 22-25, 1200-1300, B17-S490
  • Session III, Saturday, October 25, 1000-1430, Building 1-Howard County Room 3 (back of Cafeteria)
    º Enter through Lobby 1, follow signs to event
    º Links for directions to JHU-APL and for a campus map are located at the bottom of this page
  • Session IV, Saturday, November 22, 1400-1830, Building 1-Howard County Room 3 (back of Cafeteria)
    º Enter through Lobby 1, follow signs to event
    º Links for directions to JHU-APL and for a campus map are located at the bottom of this page


Purpose

  • Do you perform or lead software reverse engineering (RE) or vulnerability assessment tasks?
  • Have you ever been asked to provide an estimate for a software reverse engineering or vulnerability assessment task?
  • If so, was it challenging determining the answer?

If you answered yes to any of the above questions, this problem area is important to you!

We are soliciting software reverse engineering and vulnerability assessment personnel, including project managers, to participate in a research study titled “Towards Understanding the Effects of Analysis Environment upon Security Vulnerability Discovery in Large Software,” GWU IRB#07140.

JHU-APL’s REuben Johnston is leading this George Washington University (GWU) academic dissertation research study under the direction of Dr. Thomas Mazzuchi of the Department of Engineering Management and Systems Engineering at GWU. The study will explore the effects of various software release characteristics and analysis environments upon the post-release discovery of security vulnerabilities.

Information

Participants will be asked to attend one 4-hour elicitation workshop at the Johns Hopkins University Applied Physics Laboratory. The August workshop will be held in Building 1 (enter through Lobby 1); a sign will be placed in Lobby 1 containing the room information (see directions and campus map links below). 

Through this collaborative learning experience, volunteer participants will help advance the science of software vulnerability discovery modeling. Participants will benefit from:

  • REuben’s crash course introduction to approximately 50 metrics which possibly influence software analysis and reverse engineering (plus, reflection time to ponder their levels of significance)
  • RE practice exercises on decompiled Java code
  • RE and vulnerability assessment knowledge exercises (plus, time to think about your personal software analysis and reverse engineering process)
  • Practice estimating discovery tasks, given certain different product release scenarios and analysis environments
  • Concluding group discussions on
    º Metric influences upon discovery
    º Software analysis and reverse engineering processes used by the different participants
    º What makes the estimation process difficult

During the elicitation session, questions will be based upon crafted release scenarios for fictional software products. Main elicitation sessions will ask the participants what the expected discovery counts would be within specified time intervals for various release scenarios and analysis environments. In addition, there will be a separate set of RE and security analysis practice exercises (listed above).

No questions will solicit personally identifiable information.  Reported results of this research study will not name or identify attendees. Workshops will be no more than 4 hours (not including the two 15-minute breaks) and this event is strictly voluntary (i.e., not billable).  Participants may refuse to answer any of the questions and may also stop at any time. Possible risks or discomforts which could be experienced during this study include: loss of confidentiality and minimal psychological stress (estimated to be comparable to experiences from undergraduate third or fourth year level computer laboratory examinations).

If you are interested in volunteering or learning more about this study, please contact REuben Johnston at 2402285869 or REuben (dot) Johnston (at) jhuapl (dot) edu.


  • Information session slides: information_session_slides__v1_8.pdf (1.1 MB)
  • Here is a one-page flyer to share: Johnston__APL_Flyer__v1_8.pdf (328.0 KB)
  • Here is the information sheet for participants: Johnston__Information_Sheet__Survey_Research__Exempt__v1_5.pdf (360.2 KB)
  • Here is the experience questionnaire to complete: Johnston__Form_1__Experience_Questionnaire__v1_2.pdf (442.5 KB)
  • Reverse engineer or build and run this *.c file for assistance with the participation decision: expert_workshop.c (1.6 KB)

Directions to JHU-APL

JHU-APL campus map
