Research Projects

LACE (2012 - present)

LACE = Large-scale Assurance of Confidentiality Environment

Ideally, we could learn lessons from software projects across multiple organizations. However, a major impediment to such knowledge sharing is the privacy concerns of software development organizations.

FARSEC (2015 - present)

FARSEC = Filtering And Ranking SECurity Bug Reports

When mislabelled security bug reports (SBRs) are publicly disclosed in bug tracking systems, this presents malicious actors with a window of opportunity to exploit these security vulnerabilities.