Keynote 2

Avoiding Pseudoscience in the Science of Security

April 21, 2:00 p.m.
Speaker: Jonathan Spring, Researcher and Analyst, CERT Division, Software Engineering Institute, Carnegie Mellon University

Abstract: We seek the philosophical underpinnings of the science of security in an effort to steer away from pseudoscience. On the way, we pause for a look at the philosophy of science to describe how the approach of "observation and reasoning from results" differs between computing and established sciences, such as experimental biology, due to the engineered elements under study. We demonstrate the challenges in avoiding pseudoscience and some solutions with a case study of malware analysis.

Bio: Jonathan is a researcher and analyst at the CERT program at Carnegie Mellon University. He is the co-author of an information security textbook, "Introduction to Information Security: A Strategic-Based Approach," and also serves as an adjunct professor at the University of Pittsburgh's School of Information Sciences and as an ICANN research fellow. Publication list available from: url.sei.cmu.edu/jspring.