Oracle Parfait – Scaling Vulnerability Detection from Enterprise Systems to Cloud-Scale Systems and Beyond
Over the past two decades we have seen the application development and deployment landscape evolve, including the transition from an on-premise environment to a cloud-based one, which transformed the way development teams work, now relying heavily on continuous integration and continuous delivery. This has presented new challenges for application security, with a transition to a DevSecOps model in which security is integrated at all levels of the software process. Thus, one has to address a variety of constraints when integrating application security tools.
In this talk I summarise our experience over the past two decades of detecting vulnerabilities in applications, in both first-party and third-party code. This includes our research and its productisation, which has been deployed on systems comprising billions of lines of code. Among the factors that enabled this large-scale deployment were the precision of results and limits on the resources the tools require. The data gathered from our deployments has provided various insights over the past years, leading to the development of the Intelligent Application Security (IAS) vision: an integrated approach to improving application security tools with actionable intelligence. The future of these security-related tools demands that actionable intelligence be integrated into the developer workflow, in order to improve developer productivity and allow security tools to be used more broadly “under the hood”.
Cristina is the Vice President of the Oracle Software Assurance organisation where she leads a team of security researchers and software and machine learning engineers to make application security and software assurance, at scale, a reality. She was the founding Director of Oracle Labs Australia in 2010, where she led a team of researchers and engineers for close to 12 years, with a focus on scaling up Program Analysis techniques in new application security tools. Cristina led and successfully released Oracle Parfait, a static analysis tool used by thousands of C, C++ and Java developers each day. Cristina’s passion for tackling the big issues in the field of Program Analysis began with her PhD work in binary decompilation at the Queensland University of Technology, which led to her being named the Mother of Decompilation for her pioneering contributions to this domain.
Before she joined Oracle and Sun Microsystems, Cristina held academic posts at major Australian Universities, co-edited Going Digital, a landmark book on Cybersecurity, and served on the executive committees of ACM SIGPLAN and IEEE Reverse Engineering. She holds 20+ US patents and over 50 peer-reviewed publications, and has given Keynotes at international Computer Science conferences. Where possible, she channels her interests into mentoring young programmers and minorities in STEM.
Tue 3 Feb (displayed time zone: Hobart)
08:45 - 09:45 (60m), Keynote: Oracle Parfait – Scaling Vulnerability Detection from Enterprise Systems to Cloud-Scale Systems and Beyond. Plenary Keynotes. Cristina Cifuentes, Oracle Software Assurance
