Cyber Security

Previous cybersecurity evaluations and designs were often dependent upon personal experience and limited empirical evidence. An LDRD project focused on cybersecurity vulnerability prediction, discovery and mitigation is establishing foundational science and an experimental basis in these areas, which are notably absent in many current evaluations and technologies. Researchers studied the misclassification of software bugs as “not vulnerabilities,” and demonstrated that the number of misclassified bugs was significant. The project also furthered development of an automated bug classifier to help software development and maintenance teams more accurately identify those bugs likely to be vulnerabilities.