Monday, September 22, 2025

NSF Cybersecurity Summit | Extended Hotel Block Deadlines – Book Now!

Planning to attend this year's NSF Cybersecurity Summit in Boulder, CO

Great news — the hotel room block deadlines have been extended!

 Boulder Marriott & Residence Inn
 Book by Tomorrow, September 23, to secure your group discount.

 Hilton Garden Inn
 Book by Friday, September 26, to secure your group discount.

Tuesday, September 9, 2025

Trusted CI Webinar: No Harness, No Problem: Extending Fuzzing’s Reach via Oracle-guided Harness Generation, Monday September 22nd @ 10am Central

University of Utah's Stefan Nagy is presenting the talk, No Harness, No Problem: Extending Fuzzing’s Reach via Oracle-guided Harness Generation, on Monday September 22nd at 10am, Central time.

Please register here.

As NIST estimates that today's software contains up to 25 bugs per 1,000 lines of code, the prompt discovery of exploitable flaws is now crucial to mitigating the next big cyberattack. Over the last decade, the software industry mitigated increasing complexity by turning to a lightweight approach known as fuzzing: automated testing that uncovers program bugs through repeated injection of randomly-mutated test cases. Academia and industry have extensively studied fuzzing's three main challenges—input generation, program feedback collection, and, most critically, code harnessing—accelerating fuzzing to find many more vulnerabilities in less time. However, the critical nature of scientific computing—multi-purpose software toolkits, bespoke APIs, and high-performance environments—demands analogous advances in the vetting of scientific cyberinfrastructure. 

In this talk, I will showcase my group's research on automatic code harnessing, a key step toward making fuzzing scalable to today's complex scientific libraries. First, I will introduce our core approach Oracle-guided Harnessing: a technique that mutationally constructs and refines fuzzing harnesses using only library headers, validated through correctness oracles spanning compilation, execution, and coverage. Next, I will discuss our extensions of this approach to the C and Python library ecosystems, where it has uncovered over 70 previously-unknown security vulnerabilities and logical bugs across widely-used codebases. Finally, I will outline my vision for synergistic harnessing techniques that combine emergent large-language-model–driven methods with our Oracle-guided strategies, charting a path toward fully automatic, broadly applicable, and error-free harnessing.

Speaker Bio: 

Dr. Stefan Nagy is an Assistant Professor in the Kahlert School of Computing at the University of Utah, where he directs the FuTURES³ Lab. His work lies at the intersection of software engineering, computer systems, and security, with a focus on making automated vetting of software and systems more effective and efficient irrespective of kernel, architecture, and source code. His research frequently appears at top venues such as ICSE, USENIX Security, and ACM CCS, and has led to the discovery of more than 200 previously-unknown software bugs and security vulnerabilities (futures.cs.utah.edu/bugs). He holds a PhD from Virginia Tech and a BS from the University of Illinois at Urbana-Champaign.


---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Thursday, September 4, 2025

Secure Your Hotel Room for the NSF Cybersecurity Summit Before September 19

 



Time is running out to book your hotel room for this year's NSF Cybersecurity Summit in Boulder, CO!

The deadline to reserve your room at the discounted group rate is September 19th, and availability is limited.

This annual Summit brings together cybersecurity practitioners, technical leaders, and risk managers from the NSF Major Facilities and Cyberinfrastructure community. Attendees will also include key stakeholders and thought leaders from across the scientific and cybersecurity landscapes.

There is still time to register for this year's Summit—the deadline is October 6. If you have any questions or need assistance, please reach out to us.


We hope to see you in Boulder!

Summit Organizing and Program Committee

Tuesday, September 2, 2025

Trusted CI Celebrates Sixth Cohort Graduation & Opens Call for 2026 Engagement

Trusted CI’s sixth Framework Cohort, “Foxtrot”, successfully completed the six-month program of training and workshop engagement focused on learning and applying the Trusted CI Framework. The Cohort members entered the engagement with a commitment to adopting the Framework at their organizations. They then worked closely with Trusted CI to gather facility information and create validated self-assessments of their cybersecurity programs based on the Framework. Each organization also emerged with a draft Cybersecurity Program Strategic Plan (CPSP) identifying priorities and directions for further refining their cybersecurity programs. Foxtrot cohort included the following research-oriented organizations:

 ALMA  |  DERConnect  |  UC Davis  |  US ATLAS  |  ZEUS

image of logos of foxtrot participants; ALMA, DERConnect, UC Davis, US ATLAS, and ZEUS
The foundation of the cohort program is the Trusted CI Framework. The Framework was created as a minimum standard for cybersecurity programs. In contrast to cybersecurity guidance focused narrowly on cybersecurity controls, the Trusted CI Framework provides a more holistic and mission-focused standard for managing cybersecurity. For these organizations, the cohort was their first formal training in the Trusted CI Framework “Pillars” and “Musts” and how to apply these fundamental principles to assess their cybersecurity programs.

Feedback on the program from cohort participants has been strongly positive:

"Participating in the Trusted CI Cohort was an excellent experience and brought significant value to our team. As a research group working at the intersection of the power grid and renewable energy, cybersecurity is critical for both our daily operations and the broader transition to smarter, more connected technologies. The cohort facilitators provided expert guidance and a practical framework that helped us clarify our cybersecurity risks, baseline controls, stakeholder responsibilities, and more. Through their collaborative and thorough approach, we developed an actionable, strategic plan and gained a holistic understanding of our security posture. With this training, we feel empowered and better prepared to implement a robust cybersecurity program, strengthening both our research and industry collaborations."

 - Keaton Chia, R&D Engineer and Project Manager, DERConnect 

 

 2026 Framework Cohort Call for Participation Open

Trusted CI has a few spots left for the 2026 Framework Cohort engagement (starting January 2026). To learn more or to submit the interest form for your organization, visit trustedci.org/framework/cohort-participation

Engagement with RISC

Concurrent with leading Foxtrot, Trusted CI continued quarterly engagement with graduates of the five previous Framework cohorts through the Research Infrastructure Security Community (RISC). Trusted CI established RISC as a community of practice to provide a forum for cohort graduates to expand their cybersecurity knowledge, share experiences, and build relationships within the NSF research cyberinfrastructure community.

For more information, please contact us at framework@trustedci.org.