Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t always translate well in the digital landscape. In this case, we’re using machine learning (ML) to identify and “judge” security bugs based solely on their titles. And, believe it or not, it works! (Sorry, Grandma!)
Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts’ time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.
In This Episode, You Will Learn:
Some Questions We Ask:
Resources:
Microsoft Digital Defense Report
Article: “Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data”
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
