The Realsearch group envisions a future where trustworthy software-intensive systems improve the quality of people's lives. These systems will be created by a diverse community of software engineers that will employ methodologies based upon sound scientific research that is disseminated through freely-available, open resources. We envision software developers and researchers partnering to improve the capability of the software industry to efficiently produce trustworthy systems.
The goal of this research is to support analysts in security requirements engineering by developing and researching a frameworks, tools, and processes for producing and improving security requirements.
The goal of this research is to aid developers and software architects in making good component choices through an analysis of the relevance and utility of security metrics from the entire dependency tree associated with a package.
The goal of this project is to aid software practitioners in reducing the security risk of checked-in secrets through the development of empirically-based tools for identifying and prioritizing the eradication of already checked-in secrets and techniques for securely managing secrets to prevent injection of secrets into a codebase.
The goal of this research is to aid practitioners in determining which Vulnerability Detection Tools and Techniques to use, and how to use them. (Photo of the original Computer Bug Courtesy of the Naval Surface Warfare Center, Public domain, via Wikimedia Commons - we have been working on research in bugs and vulnerabilities for a long time, but not THAT long)
The goal of this research is to aid practitioners in producing more secure software products through the development of actionable security metrics, the identification of weak link signals, and the leveraging of software security measures in dependency graphs to select good components.
To aid security analysts in identifying and protecting against accidental and malicious actions by users or software through automated reasoning on unified representations of user expectations and software implementation to identify misuses sensitive to usage and machine context.