NCSU SoS Lablet Quarterly Executive Summary
A. Fundamental Research
High-level report of result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.
We continued to produce science of security outcomes. The following are the major contributions from Lablet projects.
- We engaged with 14 Payment Service Provider (PSP) SDK vendors regarding vulnerabilities we discovered in their SDKs to help them identify specific security weaknesses.
- We developed an approach to identify how rogue behavior is potentially made actionable through app reviews. The approach is to classify sentences in app reviews that indicate cooperation for misuses for Intimate Partner Surveillance (IPS). Specifically, this approach seeks to identify when an IPS app reviewer seeks a suggestion, provides a suggestion, or neither.
- We continued to refine our security bug detection work using new static program analysis and pattern extraction techniques. Our initial results show that we can detect the culprit code block with sufficiently low false positives.
- We conducted a systematic literature review of 53 research studies about human errors in software engineering. This study will help software engineers identify and confront their human errors by creating a taxonomy of human errors in software engineering.
B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.
C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
We involved two female undergraduate students in our research this quarter as well.
- 2022: July