Author Archives: Stephan Neuhaus

About Stephan Neuhaus

Stephan Neuhaus has been working in security since 1992, when he was a member of the PGP 2.0 development team. He has since been a successful entrepreneur before going back to University where he got his PhD in Software Engineering from Saarbrücken University in 2008. He is now a Senior Researcher at ETH Zurich, where he works on empirical software security in Prof. Plattner's Communication Systems Group.

The Axiomatic Method and Security Metrics

[Note: this blog post is a commentary and does not necessarily reflect the opinion of the Communication Systems Group.] I have just returned from MetriSec 2012, which was a complete success in my opinion. Peter Gutmann delivered an excellent keynote, … Continue reading

Posted in Commentary | 1 Comment

Come to MetriSec 2012 (Part 2)!

Yesterday’s post was about the exciting keynote at this year’s MetriSec. Today’s post is about another highlight, the panel. One of the biggest problems in empirical studies about computer security is the data. Usually you can’t control the data acquisition … Continue reading

Posted in General | Leave a comment

Come to MetriSec 2012 (Part 1)!

This post is not a technical article, but in-house advertising.  I am a proud co-chair of MetriSec 2012, an international workshop on security metrics and related topics.  This year’s programme is a bit unusual. Sure, we have papers, but we … Continue reading

Posted in General | Leave a comment

Happy 2012!

A happy 2012 to all, from the Communication Systems Group!

Posted in General | Leave a comment

Read the Classics!

I have recently read a book about the history of statistics, and the author made me aware of several books by R. A. Fisher, or, to give his full name, Sir Ronald A. Fisher, Sc.D., FRS, one of the giants … Continue reading

Posted in General | Leave a comment

The Value of Scientific Presentations

In conferences, I often come across science that is great. Results are amazing, people have done something that was thought not to be doable, or they have built a system that has incredible properties. However, that same science is often … Continue reading

Posted in General | Leave a comment

Johnny Still Can’t Encrypt

There once was a very good article about user interface issues in PGP 5.0, called “Why Johnny Can’t Encrypt”. In this year’s Usenix Security Symposium (simply called “Security” by those in the know), there was an article called “Why (Special … Continue reading

Posted in Security | Leave a comment

Stats Tip #4: Make Use of Unparametric Tests

In statistical hypothesis testing, you often have the choice between tests that assume a certain distribution of the underlying data and tests that don’t make these assumptions.  For example, when evaluating a drug trial, you can choose between, e.g., the … Continue reading

Posted in Stats Tips | Leave a comment

Stats Tip #3: Bonferroni? No Thanks, I Don’t Like Pasta!

Ravioli, Spaghetti, Bonferroni, Cannelloni, Lasagna. All delicious products made from semola di grano duro. Add tomato sauce, put some grana on top, serve with Chianti. (Or Teroldego if, like me, you’ve spent some time in the Trentino.) Mjam!

Posted in Stats Tips | 2 Comments

Stats Tip #2: Don’t Bin (If You Don’t Have To)!

In a paper, published at a peer-reviewed conference, the authors wished to test the hypothesis that their univariate data was distributed according to an exponential distribution. They didn’t get it quite right.

Posted in Stats Tips | Leave a comment