Most people know the age-old adage, "Don't judge a book by its cover." I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we're judging, but the title? And what if it's not a book we're analyzing, but instead a security bug? The times have changed, and age-old adages don't always translate well in the digital landscape. In this case, we're using machine learning (ML) to identify and "judge" security bugs based solely on their titles. And, believe it or not, it works! (Sorry, Grandma!)  Mayana Pereira, Data Scientist at Microsoft, joins hosts Nic Fillingham and Natalia Godyla to dig into the endeavors that are saving security experts' time. Mayana explains how data science and security teams have come together to explore ways that ML can help software developers identify and classify security bugs more efficiently. A task that, without machine learning, has traditionally provided false positives or led developers to overlook misclassified critical security vulnerabilities.    In This Episode, You Will Learn: How data science and ML can improve security protocols and identify and classify bugs for software developers  How to determine the appropriate amount of data needed to create an accurate ML training model  The techniques used to classify bugs based simply on their title    Some Questions We Ask: What questions need to be asked in order to obtain the right data to train a security model?  How does Microsoft utilize the outputs of these data-driven security models?   What is AI for Good and how is it using AI to foster positive change in protecting children, data and privacy online?    Resources:  Microsoft Digital Defense Report Article: "Identifying Security Bug Reports Based Solely on Report Titles and Noisy Data" Mayana's LinkedIn Microsoft Security Blog Nic's LinkedIn Natalia's LinkedIn Related: Listen to: Afternoon Cyber Tea with Ann Johnson Listen to: Security Unlocked: CISO Series with Bret Arsenault  Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network. 

Ver todos los episodios