In recent months, we’ve heard a lot about deep neural networks and deep learning—take Project Adam, for example—and the sometimes eye-popping results they can have in addressing longstanding computing problems. The field of image recognition also is benefiting rapidly from the use of such networks,…
This week, Microsoft researcher Hrvoje Benko (@hrvojebenko) is in Hawaii, but not on one of the islands’ beautiful beaches. As conference chair for UIST 2014—the 27th Association for Computing Machinery (ACM) Symposium on User Interface Software and Technology—Benko will be busy ensuring that the event,…
Part 1: Introduction and Basic Theory > Part 2: Accounting for Bug Fixes > Part 4: Step By Step Guide This is just a summary of the previous chapters as a flow chart (click here for the derivation of the method): Here variable meanings are: External…
Part 1: Introduction and Basic Theory > Part 3: Harsh Reality That simple logic is nice, but practice makes it questionable for at least two reasons: Bugs found by either of the parties are fixed. After that, another party gets no chances to find them…
Part 1: Introduction Probably every piece of software has some defects in it. Known defects (also called bugs) are found by manufacturers and users and fixed. Unknown ones remain there, waiting to be discovered some day. The question is: how big is that unknown set?…
“Scottish independence: polls show it’s too close to call.” “Scotland’s vote likely to be a nail-biter.” “Scottish independence vote on a knife edge as polls put both Yes AND No ahead.” If there was any consensus in the days running up to the momentous Sept.…
The annual conference of the Association for Computing Machinery’s Special Interest Group on Data Communication (SIGCOMM) is always a highlight for those who follow the latest developments in applications, technologies, architectures, and protocols for computer communication. SIGCOMM 2014, to be held in Chicago from August…
“The way we design computers today,” Microsoft researcher Hong Tan says, “it would seem that people only use their eyes.” Sure, we tap on our device screens, slide our fingertips across the glass, and type on on-screen keyboards. Sometimes, we give voice commands and listen…
Problem introduction and disclaimer > Security Review Heuristics Zoo > Part 3 — Reflections Or rather a few closing notes... Can you quantify "product security"? Usually when people start talking about "X being 23% more secure than Y" I just snort. However, with the notion of…
Introduction (Part I) > Heuristics Zoo, Part 1/2 > Note: standard Disclaimer expressed in Part I applies here as well. Heuristic 5: "Area Expertise" and "Penetration Testing" These two seemingly different techniques share a lot in how they approach managing the complexity of security reviews,…
Initially meant to fit into one chapter, this text grew quickly and I had to split it into two. So there will be four parts of the article in total. See Introduction (or Part 1) > <Disclaimer>By no means this list is "complete". I think every…
Click here if you want to skip all the theory and just go to the Security Reviews Heuristics Zoo If you are a software security professional, you might've been asked sometimes to conduct a "security design review". If you felt lost at that point, this…
