SaTC: CORE: Small: Understanding and Reducing Barriers to Entry and Participation in the Vulnerability Discovery Community

SaTC：核心：小型：了解并减少进入和参与漏洞发现社区的障碍

• 批准号: 2247959
• 负责人: Daniel Votipka
• 金额: $ 60万
• 依托单位: Tufts University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-05-01 至 2026-04-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247959&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Understanding; Reducing

The current vulnerability discovery workforce consists of experts who search for software security bugs. This workforce lacks gender and socioeconomic diversity, causing inequitable access to high paying jobs, limited diversity of thought, and workforce shortages endangering Internet safety. This project aims to identify root causes of limited diversity in the vulnerability discovery community. Little research has addressed vulnerability discovery education and challenges faced by new professionals. This project is conducting studies to identify challenges faced by marginalized populations and is developing and evaluating interventions and policies grounded in these populations' experiences. This project will provide guidance to community leaders, policy makers, and educators to improve diversity, inclusivity, and equity in the vulnerability discovery workforce. To improve community equity and inclusivity, the research team is conducting a broad survey to identify disparities among demographic groups and is interviewing leaders organizing diversity, equity, and inclusion initiatives to identify domain-specific decision-making challenges. The research team is conducting a community organizer workshop to discuss their findings and to collaboratively develop domain-specific guidance to address gaps and challenges in diversity initiatives. To reduced barriers to learning, the team is conducting controlled experiments with students to understand their information search processes and online resource use, and to generate and evaluate novel approaches to student educational support. Findings are to be synthesized into research-based guidelines to help educators best support a diverse group of students who would be prepared to work productively in the vulnerability discovery community.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

当前的漏洞发现团队由搜索软件安全漏洞的专家组成。这些劳动力缺乏性别和社会经济多样性，导致获得高薪工作的机会不平等、思想多样性有限以及劳动力短缺危及互联网安全。该项目旨在确定漏洞发现社区多样性有限的根本原因。很少有研究涉及漏洞发现教育和新专业人员面临的挑战。该项目正在进行研究，以确定边缘化人群面临的挑战，并根据这些人群的经验制定和评估干预措施和政策。该项目将为社区领导者、政策制定者和教育工作者提供指导，以提高漏洞发现人员的多样性、包容性和公平性。为了提高社区公平性和包容性，研究团队正在进行一项广泛的调查，以确定人口群体之间的差异，并采访组织多样性、公平性和包容性举措的领导者，以确定特定领域的决策挑战。研究团队正在举办社区组织者研讨会，讨论他们的发现，并协作制定特定领域的指导，以解决多样性举措中的差距和挑战。为了减少学习障碍，该团队正在对学生进行对照实验，以了解他们的信息搜索过程和在线资源使用情况，并生成和评估学生教育支持的新方法。研究结果将被综合到基于研究的指南中，以帮助教育工作者最好地支持准备在漏洞发现社区中高效工作的多元化学生群体。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准。