blog.regehr.org
Buying Into Open Source Security – Embedded in Academia
http://blog.regehr.org/archives/1211
John Regehr, Professor of Computer Science, University of Utah, USA. Buying Into Open Source Security. If you were given the opportunity to spend USD 100 million over five years to maximally improve the security of open source software, what would you do? Let’s just assume that the money comes with adequate administrative staff to manage awards and contracts so you can focus on technical issues. A few ideas:. Contracts for compatible rewrites of crufty-but-important software in safe languages. This post ...
blog.regehr.org
Producing Good Software From Academia – Embedded in Academia
http://blog.regehr.org/archives/1058
John Regehr, Professor of Computer Science, University of Utah, USA. Producing Good Software From Academia. Writing and maintaining good software from academia isn’t easy. I’ve been thinking about this because last week my student Yang Chen. Specifically, I’m bummed about not having a very good story for maintaining tools like Csmith. I suspect my situation is a common one for mid-career CS professors who work in systems, software engineering, security, PL, and other engineering-oriented parts of the fie...
blog.regehr.org
Static Analysis Benchmarks – Embedded in Academia
http://blog.regehr.org/archives/1217
John Regehr, Professor of Computer Science, University of Utah, USA. Many programmers would agree that static analysis is pretty awesome: it can find code defects that are very hard to find using testing and walkthroughs. On the other hand, some scientific validation of the effectiveness of static analysis would be useful. For example, this nice 2004 paper. More recently, in 2014, some researchers at the Toyota InfoTechnology Center. About this kind of thing just because it’s awesome. February 6, 2015.
sean.heelan.io
Sean Heelan's Blog – Page 2 – Program analysis, verification and security
https://sean.heelan.io/page/2
Sean Heelan's Blog. Program analysis, verification and security. SMT Solvers for Software Security (USENIX WOOT’12). July 27, 2012. May 26, 2016. At WOOT’12 a paper co-written by Julien Vanegue, Rolf Rolles and I will be presented under the title “SMT Solvers for Sofware Security”. An up-to-date version can be found in the Articles/Presentation. Section of this site. A quick review of the publication lists from major academic conferences focused on software security will show a massive number of papers d...
people.csail.mit.edu
SAT/SMT Summer School @ MIT organized by VIJAY GANESH
http://people.csail.mit.edu/vganesh/summerschool/index.html
SAT/SMT Solver Summer School 2011. Sunday, June 12- Friday, June 17, 2011. MIT Building 34 (Room 101), 50 Vassar Street, CAMBRIDGE, MA, USA. Lecture Slides and Notes. Constraint solvers have seen dramatic progress in the last decade, and are being used in a diverse set of applications such as program analysis, testing, formal methods, program synthesis, hardware verification, electronic design automation, computer security, AI, operations research (MAXSAT) and biology. Cambridge, MA, USA. University of C...
blog.regehr.org
Use of Assertions – Embedded in Academia
http://blog.regehr.org/archives/1091
John Regehr, Professor of Computer Science, University of Utah, USA. Assertions are great because they:. Support better testing,. Make debugging easier by reducing the distance between the execution of a bug and the manifestation of its effects,. Serve as executable comments about preconditions and postconditions,. Can act as a gateway drug to formal methods. Assertions are less than great because they:. Slow down our code,. Make our programs incorrect — when used improperly,. Will be true unless there i...