log in  |  register  |  feedback?  |  help
Who is Mr. Robot?: A Study of the Humans Behind Software Vulnerability Discovery
Daniel Votipka - University of Maryland, College Park
HCIL (HBK 2105)
Thursday, April 13, 2017, 12:30-1:30 pm Calendar
  • You are subscribed to this talk through .
  • You are watching this talk through .
  • You are subscribed to this talk. (unsubscribe, watch)
  • You are watching this talk. (unwatch, subscribe)
  • You are not subscribed to this talk. (watch, subscribe)

Finding security vulnerabilities in software is a critical task for any organization which still requires human effort even though automation has made significant strides in recent years. The task of vulnerability discovery typically falls on traditional software testers within an organization and white-hat hackers either through bug bounty programs or contracting. This talk explores the experiences, skills, processes, motivations, and metal models of these two communities. We describe our ongoing, semi-structured interview study which focuses on how these groups find bugs, how they have developed the necessary skills, and the challenges they face and give some preliminary findings.


Daniel Votipka is a PhD student in the CS Department at the University of Maryland, College Park. Daniel received his MS in Information Security, Technology, and Management from Carnegie Mellon University and his BS in Computer Science from the Illinois Institute of Technology. Daniel's research interests are in usable security, in particular, studying the security behaviors and mental models of those involved in the creation and use of software (i.e. developers, testers, and end-users).

This talk is organized by Carlea Holl-Jensen