Tue 6 Nov 2018 15:52 - 16:15 at Horizons 6-9F - Security Chair(s): Lucas Bang

A fundamental challenge of software testing is the statistically well-grounded extrapolation from program behaviors observed during testing. For instance, a security researcher who has run the fuzzer for a week has currently no means (1) to estimate the total number of feasible program branches, given that only a fraction has been covered so far; (2) to estimate the additional time required to cover 10% more branches (or to estimate the coverage achieved in one more day, respectively); or (3) to assess the residual risk that a vulnerability exists when no vulnerability has been discovered. Failing to discover a vulnerability does not mean that none exists—even if the fuzzer was run for a week (or a year). Hence, testing provides no formal correctness guarantees.

Tue 6 Nov
Times are displayed in time zone: (GMT-05:00) Guadalajara, Mexico City, Monterrey change

15:30 - 17:00: Research Papers - Security at Horizons 6-9F
Chair(s): Lucas Bang
fse-2018-Journal-First15:30 - 15:52
Fayola PetersLero - The Irish Software Research Centre and University of Limerick, Thein Than Tun, Yijun YuThe Open University, UK, Bashar NuseibehThe Open University (UK) & Lero (Ireland)
fse-2018-Journal-First15:52 - 16:15
Marcel BöhmeMonash University
fse-2018-research-papers16:15 - 16:37
James C. DavisVirginia Tech, USA, Christy A. CoghlanVirginia Tech, USA, Francisco ServantVirginia Tech, Dongyoon LeeVirginia Tech, USA
fse-2018-research-papers16:37 - 17:00
Feng DongBeijing University of Posts and Telecommunications, China, Haoyu Wang, Li LiMonash University, Australia, Yao GuoPeking University, Tegawendé F. BissyandéUniversity of Luxembourg, Luxembourg, Tianming LiuBeijing University of Posts and Telecommunications, China, Guoai Xu , Jacques KleinUniversity of Luxembourg, SnT