Lori Flynn
Software Engineering Institute
Dr. Lori Flynn is a senior software security researcher in the CERT Division at Carnegie Mellon University's Software Engineering Institute. Flynn's research focuses on automated software security analyses using static analysis. Sometimes her work extends to cybersecurity, AI/ML, automated program repair, malware analysis, SBOM/SCA tools, DevSecOps, and mobile computing. She has proposed and led many research projects and a small number of contract projects. She contributes to the academic and government research communities through participation in and leadership of working groups and conferences.
At Bell Labs, Flynn co-invented a patented static analysis method to create signatures for polymorphic executables. She also founded a penetration-testing group and physical test network within Bell Labs Internet Research Lab.
At the SEI, Flynn has recently contributed to research projects as a code developer, tester, and co-author (topics: automated code repair for static analysis alerts, and development of a static analysis over LLVM intermediate representation that tracks tainted data flows to detect possible malware). For six years, Flynn was the principal investigator of a series of four line-funded research projects involving the use of machine learning to automate the handling of static analysis results. The projects developed artifacts that include algorithms, many tools, datasets, papers, presentations, and training materials. Some of these (tools and training materials) have been transitioned via contract projects. Topics within that research include AI, use of CI/CD, classifiers, an extensible modular architecture, OpenAPI v3, test suites, adjudication cascading, an adjudication lexicon and rules, automated software engineering tools, and metrics improvements. Another series of research projects she led developed DidFail, the first taint flow static analysis algorithm for Android app sets, implementing the algorithm and enhancing its precision and coverage. She also led initial development of the CERT Secure Coding Standard for Android. Flynn led the Flexibility Working Group during the FY23 NI4CA project and worked on the R&T subcommittee as part of SEI’s multi-year Strategic Initiative effort.
Throughout her time at SEI, Flynn has also contributed to the research community through participation on many conference/workshop program committees, plus work as a conference/workshop organizer, including multiple stints as co-chair and chair. For two years, Flynn was co-chair of the Tools Working Group of the DoD/DHS/NNSA Software Assurance Community of Practice (SwA CoP).
Flynn holds a PhD in Computer Science from the University of California at Santa Cruz and a BS in Molecular Biology from the University of Wisconsin-Parkside. Her doctoral dissertation focus was multicast routing with qualifiers for ad-hoc mobile networks.
