Third Workshop on
Quality of Protection
Workshop co-located with CCS-2007

Mon. Oct. 29 - Alexandria VA, USA
Hilton Alexandria Mark Center



Speaker: Shari Lawrence Pfleeger
"Measuring Up: How to Keep Security Metrics Useful and Realistic"

Synopsis: "Software quality measurement has a long and not always happy history. Eager to measure many aspects of software quality, researchers sometimes have measured what was expedient or available instead of what was useful and realistic. In this talk, Shari Lawrence Pfleeger reviews software quality measurement, pointing out lessons that can be applied to current attempts to measure the security of systems and networks. She offers guidelines for effective security measurement that take into account not only the technology but also the business context in which the measurement is done."

BIO: Shari Lawrence Pfleeger (Ph.D., Information Technology and Engineering, George Mason University; M.S., Planning, The Pennsylvania State University; M.A., Mathematics, The Pennsylvania State University; B.A., Mathematics with high honors, Harpur College, Binghamton, NY) is a senior researcher at RAND's Arlington, VA office where she helps organizations and government agencies understand whether and how information technology supports their mission and goals. Dr. Pfleeger began her career as a mathematician and then a software developer and maintainer for real-time, business-critical software systems. From 1982 to 2002, Dr. Pfleeger was president of Systems/Software, Inc., a consultancy specializing in software engineering and technology. From 1997 to 2000, she was also a visiting professor at the University of Maryland's computer science department. In the past, she has been founder and director of Howard University's Center for Research in Evaluating Software Technology (CREST), a visiting scientist at the City University (London) Centre for Software Reliability, principal scientist at MITRE Corporation's Software Engineering Center, and manager of the measurement program at the Contel Technology Center (named by the Software Engineering Institute as one of the best such programs in the country). Dr. Pfleeger is well-known for her work in software quality, software assurance, and empirical studies of software engineering; she is particularly known for her multi-disciplinary approach to solving information technology problems. Her current projects include investigations of cybersecurity economics, insider threat, and a framework for defining and using cybersecurity metrics.

She is also well-known for her publications, many of which are required reading in software engineering curricula, including "Software Engineering: Theory and Practice" (3rd edition, with Joanne Atlee, 2006, Prentice Hall), "Security in Computing" (4th edition, with Charles P. Pfleeger, 2007, Prentice Hall), "Solid Software" (2001, with Les Hatton and Charles Howell, Prentice Hall), and "Software Metrics: A Rigorous and Practical Approach" (2nd edition, with Norman Fenton, 1996, Boyd and Fraser Publishers). Dr. Pfleeger is on the editorial board of IEEE Security and Privacy, where she edited a special issue on Managing Organizational Security (May/June 2007). For several years, she was the associate editor-in-chief of IEEE Software, where she edited the Quality Time column, and then associate editor of IEEE Transactions on Software Engineering. From 1998 to 2002, she was a member of the editorial board of Prentice Hall's Software Quality Institute series. She is a senior member of IEEE, the IEEE Computer Society, and the Association for Computing Machinery. She has been on the executive council of the IEEE Technical Council on Software Engineering, and is the vice chair emeritus of the executive committee for the Institute for Information Infrastructure Protection.