Andy Ozment has worked in a variety of technical and policy positions throughout the U.S. government. Prior to joining the government in 2008, Andy researched the economics of computer security and security usability at MIT Lincoln Laboratory. While on a Marshall Scholarship, he earned a computer science PhD from Cambridge and a master’s in international relations from the LSE. Andy started his career working in operational network security at Georgia Tech, where he also earned a bachelor’s in computer science. Refereed Publications

Andy Ozment. “Improving Vulnerability Discovery Models: Problems with Definitions and Assumptions.” In the proceedings of the Third Workshop on Quality of Protection (QoP’07). October 29, 2007: Alexandria, VA, USA. [pdf]

Andy Ozment. “Vulnerability Discovery and Software Security.” Ph.D. Dissertation. October 9, 2007: University of Cambridge Computer Laboratory, Cambridge, UK. [pdf]

Stuart E. Schechter, Rachna Dhamija, Andy Ozment, and Ian Fischer. “The Emperor’s New Security Indicators: An Evaluation of Website Authentication and the Effect of Role Playing on Usability Studies.” In the proceedings of the 2007 IEEE Symposium on Security and Privacy. May 20-23, 2007: Oakland, CA, USA. [pdf]

Andy Ozment and Stuart E. Schechter. “Milk or Wine: Does Software Security Improve with Age?” In the proceedings of the Fifteenth Usenix Security Symposium. July 31 - August 4, 2006: Vancouver, BC, Canada. [pdf] [html]

Andy Ozment and Stuart E. Schechter. “Bootstrapping the Adoption of Internet Security Protocols.” In the proceedings of the Fifth Workshop on the Economics of Information Security Security. June 26-28, 2006: Cambridge, UK. [pdf]

Andy Ozment, Stuart E. Schechter, and Rachna Dhamija. “Web Sites Should Not Need to Rely On Users to Secure Communications.” In the proceedings of the W3C Workshop on Transparency and Usability of Web Authentication. March 15-16, 2006: New York, NY, USA. [pdf]

Andy Ozment. “Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models.” In Quality of Protection: Security Measurements and Metrics. Dieter Gollman, Fabio Massacci, and Artsiom Yautsiukhin, eds. ISBN: 978-0-387-29016-4. Springer: 2006. [pdf] [Workshop]

Andy Ozment. “The Likelihood of Vulnerability Rediscovery and the Social Utility of Vulnerability Hunting.” In the proceedings of the Fourth Workshop on the Economics of Information Security (WEIS). June 2-3, 2005: Cambridge, MA, USA. [pdf]

Andy Ozment. “Bug Auctions: Vulnerability Markets Reconsidered.” In the proceedings of the Third Workshop on the Economics of Information Security (WEIS). May 13-14, 2004: Minneapolis, MN, USA. [pdf] [pdf slides]

Rupert Gatti, Stephen Lewis, Andy Ozment, Thierry Rayna, and Andrei Serjantov. “Sufficiently Secure Peer-to-Peer Networks.” In the proceedings of the Third Workshop on the Economics of Information Security (WEIS). May 13-14, 2004: Minneapolis, MN, USA. [pdf] [pdf slides]

Seymour E. Goodman, Pamela Hassebroek, Davis King, and Andy Ozment. “International Coordination to Increase the Security of Critical Network Infrastructures.” Journal of Information Warfare. ISSN: 1445-3312. 2:2:72-87. 2003.

Andy Ozment, Alison Smith, and Wendy Newstetter. “Causes for Cheating: Unclear Expectations in the Classroom.” In the proceedings of the 2000 ASEE Annual Conference and Exposition. June 2000: St Louis, MO, USA. [pdf]

Book Chapters

Ross Anderson, Tyler Moore, Shishir Nagaraja, and Andy Ozment. “Incentives and Information Security in Networks.” In Algorithmic Game Theory. Edited by Noam Nisan, Tim Roughgarden, Eva Tardos, and Vijay Vazirani. Cambridge University Press. To be published in 2007.