Story image

Oracle's $60,000 gift to Kiwi bug researcher about sharing knowledge with the world

29 Aug 17

Oracle has given one Massey University researcher US$44,000 (NZ$60,866) to find security vulnerabilities and bugs in the Java programming language.

Associate Professor Jens Dietrich, from the School of Engineering and Advanced Technology, has been working closely with Oracle to find vulnerabilities since 2014.

He has received around US$144,000 (NZ$198,000) since 2014 for his efforts, but the catch is that its monetary gifts are to help share the findings with the world.

Traditionally organisations keep bug and vulnerability findings for themselves, but Oracle and Dietrich have taken a different approach.

Oracle Labs provides funds to researchers so that their findings can be shared – be it via research papers or even by open source software.

Dietrich says the work is “Like creating your own puzzles and then solving them”.

 “The security of our data on these web applications is a company’s top priority, as they are often dealing with very sensitive information. They use Java because it has a reputation for its security and ease of use, but they cannot catch all the bugs in their own code and therefore must go back and patch software as problems arise,” Dietrich explains.

“Companies can do this themselves, but they often tap into external resources, like here at Massey, to find solutions or even find vulnerabilities and bugs that they never anticipated. Academic researchers can offer expertise that is often difficult for companies to find in-house, for instance, mathematical modelling and algorithm design.” 

Dietrich turns software into graphs, which he uses to pinpoint what functions in the software may be prone to exploits. While others have tried a similar approach, those algorithms couldn’t deal with neither the complexity nor the size of real-world programs.

Two years ago, he and a team of researchers from the University of Sydney came up with an algorithms that overcame those limitation. He’s now using that algorithm in practice to reduce false detection alarms in some of the largest enterprise programs.

He believes that New Zealand businesses could learn from what Oracle is doing in terms of supporting research.

“This isn’t a contract, it’ a gift in support of academic research that gives the researcher a significant amount of freedom. It benefits not only the company but the researcher as well, by tapping into a funding avenue that was previously closed,” Dietrich says.

He is also working on a project that aims to predict program behaviour in a proposal called ‘Closing The Gaps in Static Program Analysis’, which was recently accepted as one of the Science for Technological Innovation National Science Challenge’s SEED projects.

“The project is the logical next step from the Oracle-funded projects: not only being able to find bugs and vulnerabilities in large, real-world programs, but trying to find all of them. This could then be used to design completely different tools. For instance, one could prove the absence of a certain type of vulnerability from a program and use this information to certify that a program is fit for safety-critical applications,” Dietrich concludes.

Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.