Assistant Professor Michelle Mazurek and PhD student Doowon Kim awarded Best Paper
September 25, 2017
Assistant Professor Michelle Mazurek and PhD student Doowon Kim have recently been awarded the 5th annual NSA Best Scientific Cybersecurity Paper. Their paper called "You Get Where You're Looking For: The Impact of Information Sources on Code Security," was presented at at the 2016 IEEE Symposium on Security and Privacy. Mazurek and Kim worked with fellow researchers from CISPA, Saarland University. Their paper explores why software developers write programs that have security vulnerabilities and present scientific evidence confirming anecdotal stories in the programming community. The researchers investigate how different information sources available to the developer influence the developer's abilities to program quickly and securely.
According to the Cyber-Physical Systems Virtual Organization's annoucement, the NSA chose this paper "for excelling at multiple attributes of high quality scientific work and reporting."
They identified the most important elements of the paper: "First the authors developed laboratory study to control factors so they could accurately measure the information source variable and help determine the root cause of software vulnerabilities. These choices were based on their preliminary research in Android App developers where determined the best variable to measure. The research also included work to validate the results and they examined the limitations of their study. The paper did a thorough job explaining the research method which helps other researchers duplicate and build upon this work. The paper also has some actionable scientific based advice on developing better materials to have developers write more secure programs. This paper adds scientific knowledge to our understanding of how developers rely on information sources and the impact to the introduction of insecure software code."
Mazurek has also been in the news as a coauthor of an article in The Conversation (which was also published by the Los Angeles Times) entitled "Choose better passwords with the help of science."
The Department welcomes comments, suggestions and corrections. Send email to editor [at] cs [dot] umd [dot] edu.