IEEE Secure Development Conference

October 18 - 20, 2022
Georgia Tech Hotel and Conference Center
Atlanta, GA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy



Posted on: September 21st, 2022 by SecDev

Jack W. Davidson
University of Virginia

DevSecOps: Delivering Reliable and Secure Software Systems via Automated Bug Finding and Hardening

Bio: Jack W. Davidson is a Professor of Computer Science in the School of Engineering and Applied Science at the University of Virginia. He joined the faculty in 1981 after receiving his Ph.D. in Computer Science from the University of Arizona. Professor Davidson’s research interests include compilers, computer security, programming languages, computer architecture, and embedded systems. He is the principal investigator on several ongoing grants to develop comprehensive methods for protecting software from malicious attacks.

Professor Davidson is a Fellow of the ACM and a Life Fellow of the IEEE. He served as an Associate Editor of ACM’s Transactions on Programming Languages and Systems for six years, and as an Associate Editor of ACM’s Transactions on Architecture and Compiler Optimizations for eight years. He served as Chair of ACM’s Special Interest Group on Programming Languages (SIGPLAN) from 2005 to 2007. He currently serves on the ACM Executive Council and is chair of ACM’s Digital Library Board that oversees the operation and development of ACM’s Digital Library.

Abstract: DevOps is an approach that unifies software development (Dev) and software operations (Ops) with the aim of automating the continuous deployment of new software versions while maintaining correctness and reliability, all in close alignment with business objectives. DevSecOps integrates security into the software life cycle by promoting collaboration among development, security, and operation teams. This talk describes DevSecOps and how automated bug finding and application hardening technologies can play a key role in DevSecOps pipelines. The talk will highlight fuzzing — an automated bug-finding technique that integrates exceedingly well into a DevSecOps pipeline. The presentation also discusses research questions and challenges in realizing a DevSecOps pipeline using these technologies.