SaTC: CORE: Small: Understanding and Reducing Barriers to Entry and Participation in the Vulnerability Discovery Community

SaTC：核心：小型：了解并减少进入和参与漏洞发现社区的障碍

• 批准号: 2247959
• 负责人: Daniel Votipka
• 金额: $ 60万
• 依托单位: Tufts University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-05-01 至 2026-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247959&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Understanding; Reducing

The current vulnerability discovery workforce consists of experts who search for software security bugs. This workforce lacks gender and socioeconomic diversity, causing inequitable access to high paying jobs, limited diversity of thought, and workforce shortages endangering Internet safety. This project aims to identify root causes of limited diversity in the vulnerability discovery community. Little research has addressed vulnerability discovery education and challenges faced by new professionals. This project is conducting studies to identify challenges faced by marginalized populations and is developing and evaluating interventions and policies grounded in these populations' experiences. This project will provide guidance to community leaders, policy makers, and educators to improve diversity, inclusivity, and equity in the vulnerability discovery workforce. To improve community equity and inclusivity, the research team is conducting a broad survey to identify disparities among demographic groups and is interviewing leaders organizing diversity, equity, and inclusion initiatives to identify domain-specific decision-making challenges. The research team is conducting a community organizer workshop to discuss their findings and to collaboratively develop domain-specific guidance to address gaps and challenges in diversity initiatives. To reduced barriers to learning, the team is conducting controlled experiments with students to understand their information search processes and online resource use, and to generate and evaluate novel approaches to student educational support. Findings are to be synthesized into research-based guidelines to help educators best support a diverse group of students who would be prepared to work productively in the vulnerability discovery community.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

目前的漏洞发现工作人员由搜索软件安全漏洞的专家组成。这些劳动力缺乏性别和社会经济多样性，导致获得高薪工作的机会不平等，思想多样性有限，劳动力短缺危及互联网安全。该项目旨在确定脆弱性发现社区多样性有限的根本原因。很少有研究涉及脆弱性发现教育和新专业人员面临的挑战。该项目正在开展研究，以确定边缘化群体面临的挑战，并根据这些群体的经验制定和评价干预措施和政策。该项目将为社区领导人、政策制定者和教育工作者提供指导，以提高脆弱性发现工作队伍的多样性、包容性和公平性。为了提高社区的公平性和包容性，研究小组正在进行一项广泛的调查，以确定人口群体之间的差异，并正在采访组织多样性，公平性和包容性倡议的领导人，以确定特定领域的决策挑战。研究小组正在举办一个社区组织者讲习班，讨论他们的研究结果，并合作制定针对具体领域的指导，以解决多样性举措中的差距和挑战。为了减少学习障碍，该团队正在对学生进行对照实验，以了解他们的信息搜索过程和在线资源使用情况，并生成和评估学生教育支持的新方法。研究结果将被合成为基于研究的指导方针，以帮助教育工作者最好地支持多样化的学生群体，他们将准备在漏洞发现社区中富有成效地工作。该奖项反映了NSF的法定使命，并被认为值得通过使用基金会的智力价值和更广泛的影响审查标准进行评估来支持。