CS Colloquium

Healthy software development teams often hold individuals who have significant experience to higher expectations than entry-level or "junior" contributors. Usually, organizations mark this differentiated scope and responsibility with a title like "Senior Software Developer."  When considering a career in software development, it's natural to focus on those immediate concerns around becoming a successful entry-level developer. However, an understanding of those "senior" expectations and practices that developers will encounter in the medium and long-term is invaluable for new professionals looking to bring their own career plans into focus.

So, how do Senior Software Developers impact the products they build? What strategies might Senior Developers use to empower their teams to be more effective? I'll discuss patterns I've noticed in the 17 years I’ve worked as a software developer in the consumer electronics domain. Drawing on my experiences contributing to large-scale products and services such as Xbox, HoloLens, Sonos, and Hulu, I will share some examples of impactful Senior-level deliverables. Audiences will gain a clearer understanding of how professional software development works on large teams through this survey of some of the novel ways individual contributors can make positive team-wide contributions. 

As a basic industrial research lab, Microsoft Research expects its members to both publish basic research and put it into practice.  Unfortunately, moving from a validated technique or model in a published paper to a state where that same technique is being used by and providing value to software development projects on a regular basis in a consistent and timely fashion is a time consuming, fraught, and difficult task. We have attempted to make this transition, which we call "Tech Transfer", many times in the empirical software engineering group (ESE) at Microsoft Research. Much like research in general, there have been both triumphs and setbacks, but each experience has provided valuable insight and informed our next effort. This talk shares our experiences from successes and failures and provides lessons and guidance that can be used by others trying to transfer their ideas into practice in both industrial and academic contexts.

Cybersecurity became the 5th battlefield space in which many threat actors play. In this talk we will address some basic concepts about Advanced Persistent Threats (APT) with special focus on threats against the financial and energy sectors.

Authentication (AuthN) is ensuring a user is who one says he or she is. Authorization (AuthZ) is ensuring that a properly authenticated user is accessing only those resources he or she is allowed. But how do businesses ensure that users are being properly authenticated? Identity Providers (IdPs) are services that businesses rely on to securely store and manage users digital data.

These IdPs are responsible for implementing the proper mechanisms for authenticating and verifying users. But what procedures do these IdPs follow to ensure such measures? There are several protocols and frameworks used by IdPs such as SAML, OAuth (and subsequently OIDC), Kerberos, and WsFed. Today, however, more services are relying on OAuth and OIDC to securely and correctly authenticate users. In this talk, Catherine will discuss how an IdP works, introduce the most common types of authentication protocols, and provide an in-depth explanation of OAuth and OIDC.

Today we find ourselves on the cusp of a revolution in computer hardware security. Semiconductor companies are creating chips as fast as possible to meet increasing global demand using development approaches that effectively address functionality but leave security out in the cold.

We will present this problem, and solutions, through stories and history. These stories incorporate humor, adventure, and survival in the midst of the war-torn wilderness known as: The Semiconductor Production Pipeline. Few have returned to tell the tale.

This talk, rescued, smuggled out from behind enemy lines, and authenticated by titans of industry, presents hardware security from a perspective rarely discussed in academic circles: deriving engineering requirements from customer security needs.

Technologists always search for better solutions to problems, and interfacing with GPUs is no exception.  In the almost four decades of commercially-available, hardware-accelerated computer graphics, there have been numerous APIs designed for the task.  This talk takes a look a how some of those interfaces have changed over time, and the impacts that their design has had in application performance, educational aspects, and engineer productivity.