I am a Lecturer in the Information Security Group at Royal Holloway, University of London. I am an expert in Software Compositional Analysis and its application to Software Bills of Materials (SBOMs), in particular those SBOMs that include Open-Source Software.
I am the only Software Security academic in the UK funded and trained by UK Research Councils through their New Investigator Award and Future Leaders incubator. This is helping me build critical mass for software transparency and consequently, achieve wider adoption of my work by stakeholders.
My research interests are in Secure Software Engineering. I have published my work in flagship venues across Software Engineering and Software Security such as ICSE, FSE and USENIX Security. Additional details of my work are below.
I work with Policymakers, Industry and Researchers to build automated tools for the adoption of secure Software Supply Chains.
Tools. I am currently building a core set of tools that aim to quantify security risk in software systems and, where possible, auto-patch them to mitigate these risks. The key beneficiaries of these tools are users of software, who can be both consumers and businesses, as the tools will help them understand the risks in the software that they use.
Industry. I regularly provide consulting and training services to industry in the domain of Secure Software Engineering and Software Vendor Management/Integration. These engagements help me ideate and shape the tooling that is required to automate workflows by working with a variety of stakeholders in Industry.
Policymaking. I consult closely with departments within the UK Government on how to make software development tools widely accessible and useful. I also work with them to understand consumer needs and where required, advise on how regulation should evolve to drive the adoption of trusted Software Supply Chains.