There's no shortage of smart people doing smart things. But there’s a disconnect between the ideas being incubated and the execution of those ideas in ways that make real-world differences. That was the message from Jean Yang, assistant professor at Carnegie Mellon University’s School of Computer Science, during her keynote address at Privacy. Security. Risk.
Yang knows a thing or two about innovation. She’s the creator of the Jeeves programming language. She says the future runs on software, but there’s a big problem standing in the middle of the bridge to that future: security. And that problem has to be solved before we, as a global community, get where we want to go. We’re already seeing the risks of not solving the problem. Hackers are gaining control of everything from electronic skateboards to rifles to smart cars.
Luckily, academics like Yang and her colleagues are working diligently on programming languages that can thwart potential attacks before they ever reach the software. Yang’s own doctoral work has involved what’s called policy-agnostic programming, in which programmers attach policies directly to data. The programmer can then rely on the language to enforce each policy automatically, greatly reducing the opportunity for coding errors that leave software vulnerable to attack. Yang said that kind of programming will “take us into the 21st century.”
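To make the idea of attaching a policy to data concrete, here is a small illustration added to this article; it is not Jeeves code or its API, and it was not shown in the talk. The names `Label`, `Faceted`, `lift`, `concretize` and the sample users are hypothetical.

```python
from dataclasses import dataclass
from typing import Any, Callable

@dataclass(frozen=True)
class Label:
    name: str
    allows: Callable[[str], bool]   # policy: may this viewer see the secret?

@dataclass(frozen=True)
class Faceted:
    """A value that carries its policy: a secret view and a public view."""
    label: Label
    secret: Any                     # either side may itself be Faceted
    public: Any

def lift(fn, *args):
    """Run fn on possibly-faceted arguments, keeping every policy attached."""
    for i, arg in enumerate(args):
        if isinstance(arg, Faceted):
            def branch(v):
                return lift(fn, *args[:i], v, *args[i + 1:])
            return Faceted(arg.label, branch(arg.secret), branch(arg.public))
    return fn(*args)                # no sensitive inputs left: plain call

def concretize(value, viewer):
    """Output boundary: the only place a viewer is consulted."""
    while isinstance(value, Faceted):
        value = value.secret if value.label.allows(viewer) else value.public
    return value

# Constructed sample data: two locations, each with its own policy.
alice_loc = Faceted(Label("alice_loc", lambda v: v in {"alice", "bob"}),
                    "Pittsburgh", "unknown")
carol_loc = Faceted(Label("carol_loc", lambda v: v == "carol"),
                    "Boston", "unknown")

def summary():
    # Application logic contains no permission checks at all.
    return lift(lambda a, c: f"Alice: {a}; Carol: {c}", alice_loc, carol_loc)

def view(viewer):
    return concretize(summary(), viewer)

if __name__ == "__main__":
    for who in ("bob", "carol", "mallory"):
        print(who, "->", view(who))
```

The formatting code in `summary()` cannot leak a location by forgetting a check, because the check lives with the data and is applied only when the result is shown to a specific viewer.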
But there are barriers to widespread industry adoption of this kind of programming.
“Managers have to fight the status quo,” Yang said. “They have to make arguments about why to do things differently.”
Even programmers themselves struggle because incorporating new, safer code into existing products means finding ways to ensure the new code interoperates with the previous.
Yang said one answer to the problem is in start-ups. So she’s founded the Cybersecurity Factory, which is an eight-week accelerator that gives prospective start-up teams $20,000, a network of seasoned security experts to use as needed, office space, legal support and focused mentorship.
Okay, so that solves part of the issue. Say a bunch of start-ups come up with security-smart software. Where’s the competitive advantage that motivates industry to adopt it?
That piece relies on customers. Yang said for us to get to the 21st century of secure software, customers have to want to actually pay for it.
“What we can do is create a culture around privacy and security,” she said. “One part is getting consumers to care more.”
“But the thing is, they’re benefiting from this,” Yang said. “Snapchat has had egregious privacy violations … but their estimated value is $16 billion and 100 million users. We can do a much better job of getting consumers to stand up for their privacy and security.”
It’s a matter of asking “smart people to come up with technical solutions,” connecting research with industry, putting their solutions into place and then iterating as necessary.
Despite being perhaps a bit disheartened by what she sees when she looks around her, Yang said she’s “incredibly optimistic” about the state of software security “because there are plenty of smart people like you working on it,” she told the crowd. “I invite you to work with me so we can eventually have some approximation of a completely secure Internet.”