IEEE Secure Development Conference
& IEEE Digital Privacy Workshop

October 7 - 9, 2024
Carnegie Mellon University Software Engineering Institute
Pittsburgh, PA

Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy



Posted on: April 24th, 2024 by SecDev

Elisa Bertino
Purdue University


The Persistent Problem of Software Insecurity

Bio: Elisa Bertino is Samuel Conte Professor of Computer Science at Purdue University. She serves as Director of the Purdue Cyberspace Security Lab (Cyber2Slab). Prior to joining Purdue, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory in San Jose (now Almaden), at Rutgers University, and at Telcordia Technologies. She has also held visiting professor positions at the National University of Singapore and the Singapore Management University. Her recent research focuses on security and privacy of cellular networks and IoT systems, and on edge analytics for cybersecurity. Elisa Bertino is a Fellow of IEEE, ACM, and AAAS. She received the 2002 IEEE Computer Society Technical Achievement Award “For outstanding contributions to database systems and database security and advanced data management systems”, the 2005 IEEE Computer Society Tsutomu Kanai Award for “Pioneering and innovative research contributions to secure distributed systems”, the 2019-2020 ACM Athena Lecturer Award, and the 2021 IEEE Innovation in Societal Infrastructure Award. She received an Honorary Doctorate from Aalborg University in 2021 and an Honorary Research Doctorate in Computer Science from the University of Salerno in 2023. She is currently serving as ACM Vice-President.

Abstract: Software is increasingly playing a key role in all infrastructure and application domains we may think of. One notable example is represented by the increased “softwarization” of computer networks—see the notion of “network programs” as an approach to better control and manage networks and possibly even enhance their security. Unfortunately, software systems are still often insecure despite the fact that the “problem of software security” has been known to the industry and research communities for decades. In this talk, I will first present my view on the current state of software security with examples from security analyses covering mobile applications, open-source software, and emerging domains. I will then discuss why software is still insecure. Reasons that are often mentioned include the lack of vendor liability, the lack of training of software engineers and developers, the use of insecure languages, and so on. However, it can also be argued that the benefit of software, even if insecure, outweighs its lack of security. After all, could we imagine our society today without software? On the other hand, software security is increasingly a critical need. So, what would it take to convince decision makers at various levels and organizations that software security must be a priority? What should we as researchers do? In the talk I will provide my view about these questions. I will then conclude with a discussion on the role of AI in software security, covering recent AI-assisted approaches to detect vulnerabilities in code or directly generate secure code.