[Pl-seminar] 3rd October : Cristina Cifuentes - Oracle Parfait: The Flavour of Real-World Vulnerability Detection

Aviral Goel goel.av at husky.neu.edu
Mon Sep 24 14:48:28 EDT 2018


Already sent the PR 2 hours back - https://github.com/nuprl/website/pull/143
The calendar has been updated too.

Best,
Aviral


On Mon, Sep 24, 2018 at 2:45 PM jan Vitek <vitekj at icloud.com> wrote:

> Can you also update the web?
>
> > On Sep 24, 2018, at 2:35 PM, Aviral Goel <goel.av at husky.neu.edu> wrote:
> >
> > NUPRL Presents
> >
> > Cristina Cifuentes
> > Oracle Labs (https://labs.oracle.com/pls/apex/f?p=labs:bio:0:21)
> >
> > 1:15 PM
> > Wednesday, October 3rd, 2018
> > Room 010 WVF (https://goo.gl/maps/9aNvUmG9Lcu)
> >
> > Oracle Parfait: The Flavour of Real-World Vulnerability Detection
> > Cristina Cifuentes, Oracle Labs
> >
> > Abstract
> >
> > The Parfait static code analysis tool focuses on detecting
> > vulnerabilities that matter in C, C++, Java and PL/SQL languages.  Its
> > focus has been on key items expected out of a commercial tool that lives in
> > a commercial organization, namely, precision of results (i.e., high true
> > positive rate), scalability (i.e., being able to run quickly over millions
> > of lines of code), incremental analysis (i.e., being able to run over
> > deltas of the code quickly), and usability (i.e., ease of integration into
> > standard build processes, reporting of traces to the vulnerable location,
> > etc.).  Today, Parfait is used by thousands of developers at Oracle
> > worldwide on a day-to-day basis.
> >
> > In this presentation we’ll sample a flavour of Parfait — we explore some
> > real world challenges faced in the creation of a robust vulnerability
> > detection tool, look into two examples of vulnerabilities that severely
> > affected the Java platform in 2012/2013 and most machines in 2017/2018, and
> > conclude by recounting what matters to developers for integration into
> > today’s continuous integration and continuous delivery (CI/CD) pipelines.
> >
> > Bio
> >
> > Cristina is the Director of Oracle Labs Australia and an Architect at
> > Oracle. Headquartered in Brisbane, the Lab focuses on Program Analysis as
> > it applies to finding vulnerabilities in software and enhancing the
> > productivity of developers worldwide.
> >
> > Prior to founding Oracle Labs Australia, Cristina was the Principal
> > Investigator of the Parfait bug tracking project at Sun Microsystems, then
> > Oracle. Today, Oracle Parfait has become the de facto tool used by thousands
> > of Oracle developers for bug and vulnerability detection in real-world,
> > commercially sized C/C++/Java applications. Parfait's success is founded on
> > the pioneering work in advancing static program analysis techniques by
> > Cristina’s team of Researchers and Engineers at Oracle Labs Australia.
> >
> > Cristina’s passion for tackling the big issues in the field of Program
> > Analysis began with her doctoral work in binary decompilation at
> > Queensland’s University of Technology. In an interview with Richard Morris
> > for Geek of the Week, Cristina talks about Parfait, Walkabout and her
> > career journey in this field.
> >
> > Before she joined Oracle and Sun Microsystems, Cristina held teaching
> > posts at major Australian Universities, co-edited Going Digital, a landmark
> > book on cybersecurity, and served on the executive committees of ACM
> > SIGPLAN and IEEE Reverse Engineering.
> >
> > Cristina continues to play an active role in the international
> > programming language, compiler construction and software security
> > communities. On the weekends, she channels her interests into mentoring
> > young programmers through the CoderDojo network.