I wish to be a scientist. Due to the nature of the things I am working on, I will never be eligible to win a Nobel Prize, but I still want to be a scientist. The ironic point is that my field of study, Software Engineering, seems to be useful to a very limited group of people in the world: software companies, programmers, and software developers. I won’t cure any disease, I won’t discover a new planet in the corner of the universe, and I won’t even build a new machine or technology.
So, as my little tiny PhD studies move on, I am discovering that there is no revolution left. I sometimes feel I am sitting on a sofa, or at most behind a monitor, making theories about how software, especially secure software, is developed, why it fails, and what we should or should not do to prevent the failure.
I am not a security expert, but I am interested in developing secure software systems. More generally, I am interested in system security, and in the particular case of Software Engineering, which is the area I am doing a PhD in, I am interested in security requirements, attack modeling, vulnerability analysis, countermeasure analysis, and trade-offs between security and other goals such as privacy and usability.
I have crazy ideas to start a revolution in secure software engineering, and I have little tiny ideas to move the discipline an epsilon ahead. This blog is where I am going to talk about them, since my PhD thesis does not have enough space for all that crap.