LACE (2012 - present)
LACE = Large-scale Assurance of Confidentiality Environment
Ideally, we can learn lessons from software projects across multiple organizations. However, a major impediment to such knowledge sharing is the privacy concerns of software development organizations.
FARSEC (2015 - present)
FARSEC = Filtering And Ranking SECurity Bug Reports
When mislabelled security bug reports (SBRs) are publicly disclosed in bug tracking systems, malicious actors gain a window of opportunity to exploit the security vulnerabilities those reports describe.