Samaritan is one of the latest developments from Secure Decisions, a research & development (R&D) division of Applied Visions, Inc. Samaritan grew out of research that we proposed in 2017 to focus additional attention on the real source of software weaknesses: people.
Over the past two years, we have analyzed the associations between various human elements of software engineering and the quality & security of the code produced. We studied the relationships between over 30 metrics and two outcome measures: static analysis warnings and publicly disclosed vulnerabilities. Our goal was to identify which human dimensions are associated with the creation of insecure code.
If we know which human elements contribute to quality & security problems, we can monitor them and intervene to fix them. For example, we could warn developers about risky code or cue testers and reviewers with code locations that are more likely to contain a weakness.
Samaritan is the product of our work to transition the insights from our research into practical use.
Chris is a Senior Researcher at Secure Decisions and is the Principal Investigator on the DARPA contract that’s funding the creation of Samaritan.
Chris spends most of his time on research projects aimed at advancing software engineering and assurance practices. He’s made information about static software analyzers more accessible through Kompar, reduced the amount of time required to inspect software analyzer warnings with the Code Dx triage assistant, and is helping figure out how to streamline software certification on the DARPA ARCOS program.
Chris has 18 years of experience in research, software systems, and new product development. He began his career at the RAND Corporation and Carnegie Mellon University, where he studied human-computer interaction and human decision making. His expertise includes product strategy, systems engineering, interaction design, and user experience research.
Nuthan is the original creator of Samaritan and a Senior Researcher at Secure Decisions.
Nuthan recently completed his PhD at the Rochester Institute of Technology under the guidance of Dr. Andy Meneely. Over the past several years, he has published and presented on topics related to the discovery, curation, and remediation of software vulnerabilities, including how to provide security feedback to development teams. Prior to his doctoral work, Nuthan was a software engineer with Infosys Limited, where he led a redesign of citizensbank.com.
Nuthan has expertise in software engineering, research, and data analysis.
This research was developed with funding from the U.S. Department of Defense, Defense Advanced Research Projects Agency (DARPA). The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.