Panel on ML and Architectural Risk Analysis (aka Threat Modeling)

Irius Risk, a company specializing in automating threat modeling for software security, hosted a webinar on Machine Learning and Threat Modeling March 30, 2023. BIML CEO Gary McGraw participated in the webinar along with Adam Shostack.

The webinar was recorded and you can watch here. FWIW, we are still not exactly clear on Adam’s date of replacement.

BIML Keynotes National Science Foundation Meeting

Every bunch of years, the National Science Foundation holds vision workshops to discuss scientific progress in fields they support. This year BIML’s Gary McGraw was pleased to keynote the Computer Science “Secure and Trustworthy Cyberspace” meeting.

He gave a talk on what #MLsec can learn from #swsec with a focus on technology discover, development, and commercialization. There are many parallels between the two fields. Now is a great time to be working in machine learning security.

You can download the slides here.

AMA for Open Security Summit Zeros in on Machine Learning

BIML CEO Gary McGraw participates in an AMA

Lots of excellent content on ML Security, ML, and security in this video. Have a look.

Shostack on ML and Threat Modeling

Adam Shostack is one of the pre-eminent experts on threat modeling. So when he publishes an article, it is always worth reading and thinking about. But Adam seems to be either naïve or insanely optimistic when it comes to AI/ML progress. ML has no actual IDEA what it’s doing. Don’t ever forget that.

This issue is so important that we plan to debate it soon in a webinar format. Contact us for details.

Read adam’s article here.

ML and Automated Coding: Not Ready for Prime Time

As a software security guy, I am definitely in tune with the idea of automated coding. But today’s “code assistants” do not have any design-level understanding of code. Plus they copy (statistically-speaking, anyway) chunks of code full of bugs.

Robert Lemos wrote a very timely article on the matter. Check it out.

https://readme.security/ai-code-assistants-need-security-training-fb1b81acc85a

BIML in darkreading 2: a focus on training data

The second in a two part darkreading series focused on machine learning data exposure and data-related risk focuses attention on protecting training data without screwing it up. For the record, we believe that technical approaches like synthetic data creation and differential privacy definitely screw up your data, sometimes so much that the ML activity you wanted to accomplish is no longer feasible.

Read the article now.

The first article in the series can be found here. That article introduces the often-ignored problem of operational query data exposure.

Discussing MLsec at the Local Retirement Community

As part of our mission to spread the word about machine learning security far and wide, we were pleased to deliver a talk at Westmister-Canterbury in the Shenandoah Valley.

The talk posed a bit of a challenge since it was the very first “Thursday talk” delivered after COVID swept the planet. As you might imagine, seniors who are smart are very much wary of the pandemic. In the end, the live talk was delivered to around 12 people with an audience of about 90 on closed circuit TV. That, and the fact that these accomplished seniors came from all walks of life, made this an interesting iteration of the BIML talk.

Watch for yourself!

Let us know if your group would appreciate a talk from BIML.

Think Global, Talk Local

We’re pleased that BIML has helped spread the word about MLsec (that is, machine learning security engioneering) all over the world. We’ve given talks in Germany, Norway, England, and, of course, all over the United States.

And we’re always up for more. If you are interested in having BIML participate in your conference, please contact Gary McGraw through his website.

This summer, we were asked to give a talk at our local community center, the Barns of Rose Hill. We were happy to oblige. We even donated all proceeds to FISH.

Those of you who are deep geeks will know what a challenge it can be to communicate subtle technology ideas to normal people. BIML prides itself on being able to do that. The issues we’re researching are important and have a direct impact on our society as a whole. For that reason, spreading the word among non-technical normals is critical to our mission.

BIML in the Barn Episode 4: David Evans, University of Virginia

An important part of our mission at BIML is to spread the word about machine learning security. We’re interested in compelling and informative discussions of the risks of AI that get past the scary sound bite or the sexy attack story. We’re proud to continue the bi-monthly video series we’re calling BIML in the Barn.

Our fourth video talk features Professor David Evans a computer scientist at University of Virginia working on Security Engineering for Machine Learning. David is interested in the same notions of representation and generalization that we’re interested in at BIML.

Watch Dave’s video here.

Sadly, BIML stopped producing BIML in the Barn episodes after our super talented videographer moved to Berlin. We may restart if we come up with a pile of money to produce more videos. Sponsors welcome!