The Debugging Mindset

Software developers spend 35-50 percent of their time validating and debugging software. The cost of debugging, testing, and verification is estimated to account for 50-75 percent of the total budget of software development projects, amounting to more than $100 billion annually [11]. While tools, languages, and environments have reduced the time spent on individual debugging tasks, they have not significantly reduced the total time spent debugging, nor the cost of doing so. Therefore, a hyperfocus on elimination of bugs during development is counterproductive; programmers should instead embrace debugging as an exercise in problem solving.



A Study of Security Vulnerabilities on Docker Hub

Docker containers have recently become a popular approach
to provision multiple applications over shared physical hosts
in a more lightweight fashion than traditional virtual machines.
This popularity has led to the creation of the Docker
Hub registry, which distributes a large number of official and
community images. In this paper, we study the state of security
vulnerabilities in Docker Hub images. We create a
scalable Docker image vulnerability analysis (DIVA) framework
that automatically discovers, downloads, and analyzes
both official and community images on Docker Hub. Using
our framework, we have studied 356,218 images and made
the following findings: (1) both official and community images
contain more than 180 vulnerabilities on average when
considering all versions; (2) many images have not been updated
for hundreds of days; and (3) vulnerabilities commonly
propagate from parent images to child images. These findings
demonstrate a strong need for more automated and
systematic methods of applying security updates to Docker
images, and our current Docker image analysis framework
provides a good foundation for such automatic security updates.


Distributed Authorization in Vanadium

Abstract. In this tutorial, we present an authorization model for distributed
systems that operate with limited internet connectivity. Reliable
internet access remains a luxury for a majority of the world’s population.
Even for those who can afford it, a dependence on internet connectivity
may lead to sub-optimal user experiences. With a focus on decentralized
deployment, we present an authorization model that is suitable for
scenarios where devices right next to each other (such as a sensor or
a friend’s phone) should be able to communicate securely in a peer-to-peer
manner. The model has been deployed as part of an open-source
distributed application framework called Vanadium. As part of this tutorial,
we survey some of the key ideas and techniques used in distributed
authorization, and explain how they are combined in the design of our