Sign up to save your podcasts
Or
Share Judging a Bug by Its Title
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Judging a Bug by Its Title
Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles. And, believe it or not, it works! (Sorry, Grandma!)
Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.
In This Episode, You Will Learn:
- How data science and ML can improve security protocols and identify and classify bugs for software developers
- How to determine the appropriate amount of data needed to create an accurate ML training model
- The techniques used to classify bugs based simply on their title
Some Questions We Ask:
- What questions need to be asked in order to obtain the right data to train a security model?
- How does Microsoft utilize the outputs of these data-driven security models?
- What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?
Resources:
Microsoft Digital Defense Report
Article: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”
Mayana’s LinkedIn
Microsoft Security Blog
Nic’s LinkedIn
Natalia’s LinkedIn
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
Hosted on Acast. See acast.com/privacy for more information.
View all episodes
By Microsoft
4
5656 ratings
Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles. And, believe it or not, it works! (Sorry, Grandma!)
Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.
In This Episode, You Will Learn:
- How data science and ML can improve security protocols and identify and classify bugs for software developers
- How to determine the appropriate amount of data needed to create an accurate ML training model
- The techniques used to classify bugs based simply on their title
Some Questions We Ask:
- What questions need to be asked in order to obtain the right data to train a security model?
- How does Microsoft utilize the outputs of these data-driven security models?
- What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?
Resources:
Microsoft Digital Defense Report
Article: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”
Mayana’s LinkedIn
Microsoft Security Blog
Nic’s LinkedIn
Natalia’s LinkedIn
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
Hosted on Acast. See acast.com/privacy for more information.
More shows like Security Unlocked
View all
Security Now (Audio)
1,971 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
367 Listeners
CyberWire Daily
1,007 Listeners
Smashing Security
311 Listeners
Click Here
406 Listeners
Darknet Diaries
7,864 Listeners
Cybersecurity Today
169 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
128 Listeners
Risky Bulletin
33 Listeners
The BlueHat Podcast
12 Listeners