Author Archives: Stephan Neuhaus

About Stephan Neuhaus

Stephan Neuhaus has been working in security since 1992, when he was a member of the PGP 2.0 development team. He has since been a successful entrepreneur before going back to University where he got his PhD in Software Engineering from Saarbrücken University in 2008. He is now a Senior Researcher at ETH Zurich, where he works on empirical software security in Prof. Plattner's Communication Systems Group.

The Axiomatic Method and Security Metrics

Posted on 02.10.2012 by Stephan Neuhaus

[Note: this blog post is a commentary and does not necessarily reflect the opinion of the Communication Systems Group.] I have just returned from MetriSec 2012, which was a complete success in my opinion. Peter Gutmann delivered an excellent keynote, … Continue reading →

Posted in Commentary | 1 Comment

Come to MetriSec 2012 (Part 2)!

Posted on 10.07.2012 by Stephan Neuhaus

Yesterday’s post was about the exciting keynote at this year’s MetriSec. Today’s post is about another highlight, the panel. One of the biggest problems in empirical studies about computer security is the data. Usually you can’t control the data acquisition … Continue reading →

Posted in General | Leave a comment

Come to MetriSec 2012 (Part 1)!

Posted on 09.07.2012 by Stephan Neuhaus

This post is not a technical article, but in-house advertising. I am a proud co-chair of MetriSec 2012, an international workshop on security metrics and related topics. This year’s programme is a bit unusual. Sure, we have papers, but we … Continue reading →

Posted in General | Leave a comment

Happy 2012!

Posted on 17.01.2012 by Stephan Neuhaus

A happy 2012 to all, from the Communication Systems Group!

Posted in General | Leave a comment

Read the Classics!

Posted on 24.11.2011 by Stephan Neuhaus

I have recently read a book about the history of statistics, and the author made me aware of several books by R. A Fisher, or, to give his full name, Sir Ronald A. Fisher, Sc.D., FRS, one of the giants … Continue reading →

Posted in General | Leave a comment

The Value of Scientific Presentations

Posted on 07.10.2011 by Stephan Neuhaus

In conferences, I often come across science that is great. Results are amazing, people have done something that was thought not to be doable, or they have built a system that has incredible properties. However, that same science is often … Continue reading →

Posted in General | Leave a comment

Johnny Still Can’t Encrypt

Posted on 12.09.2011 by Stephan Neuhaus

There once was a very good article about user interface issues in PGP 5.0, called “Why Johnny Can’t Encrypt“. In this year’s Usenix Security Symposium (Simply called “Security” by those in the know), there was an article called “Why (Special … Continue reading →

Posted in Security | Leave a comment

Stats Tip #4: Make Use of Unparametric Tests

Posted on 22.08.2011 by Stephan Neuhaus

In statistical hypothesis testing, you often have the choice between tests that assume a certain distribution of the underlying data and tests that don’t make these assumptions. For example, when evaluating a drug trial, you can choose between, e.g., the … Continue reading →

Posted in Stats Tips | Leave a comment

Stats Tip #3: Bonferroni? No Thanks, I Don’t Like Pasta!

Posted on 02.08.2011 by Stephan Neuhaus

Ravioli, Spaghetti, Bonferroni, Canneloni, Lasagna. All delicious products made from semola di grano duro. Add tomato sauce, put some grana on top, serve with Chianti. (Or Teroldego if, like me, you’ve spent some time in the Trentino.) Mjam!

Posted in Stats Tips | 2 Comments

Stats Tip #2: Don’t Bin (If You Don’t Have To)!

Posted on 18.07.2011 by Stephan Neuhaus

In a paper, published at a peer-reviewed conference, the authors wished to test the hypothesis that their univariate data was distributed according to an exponential distribution. They didn’t get it quite right.

Posted in Stats Tips | Leave a comment