Sign up to save your podcasts
Or
Share Judging a Bug by Its Title
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Judging a Bug by Its Title
Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles. And, believe it or not, it works! (Sorry, Grandma!)
Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.
In This Episode, You Will Learn:
- How data science and ML can improve security protocols and identify and classify bugs for software developers
- How to determine the appropriate amount of data needed to create an accurate ML training model
- The techniques used to classify bugs based simply on their title
Some Questions We Ask:
- What questions need to be asked in order to obtain the right data to train a security model?
- How does Microsoft utilize the outputs of these data-driven security models?
- What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?
Resources:
Microsoft Digital Defense Report
Article: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”
Mayana’s LinkedIn
Microsoft Security Blog
Nic’s LinkedIn
Natalia’s LinkedIn
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
Hosted on Acast. See acast.com/privacy for more information.
View all episodes
By Microsoft
4
5656 ratings
Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles. And, believe it or not, it works! (Sorry, Grandma!)
Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.
In This Episode, You Will Learn:
- How data science and ML can improve security protocols and identify and classify bugs for software developers
- How to determine the appropriate amount of data needed to create an accurate ML training model
- The techniques used to classify bugs based simply on their title
Some Questions We Ask:
- What questions need to be asked in order to obtain the right data to train a security model?
- How does Microsoft utilize the outputs of these data-driven security models?
- What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?
Resources:
Microsoft Digital Defense Report
Article: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”
Mayana’s LinkedIn
Microsoft Security Blog
Nic’s LinkedIn
Natalia’s LinkedIn
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
Hosted on Acast. See acast.com/privacy for more information.
More shows like Security Unlocked
View all
Security Now (Audio)
1,986 Listeners
Risky Business
364 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
639 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Hacked
183 Listeners
CyberWire Daily
1,018 Listeners
Smashing Security
318 Listeners
Click Here
406 Listeners
Darknet Diaries
7,951 Listeners
Cybersecurity Today
172 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
316 Listeners
Defense in Depth
77 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
43 Listeners