The Truth About Bug Finders: They're Essentially Useless

In tests, they missed 98 percent of the vulnerabilities in researchers' code

Katherine Noyes for CIO July 8th, 2016
Source: http://www.cio.com/article/3093357/application-development/the-truth-about-bug-finders-theyre-essentially-useless.html

Today's popular bug finders catch only about two percent of the vulnerabilities lurking in software code, researchers have found, despite the millions of dollars companies spend on them each year.

Bug finders are commonly used by software engineers to root out problems in code that could turn into vulnerabilities. They'll typically report back how many bugs they found — what you don't know is how many were missed, leaving success rates an open mystery.

So researchers at New York University's Tandon School of Engineering in collaboration with the MIT Lincoln Laboratory and Northeastern University decided to find out how much they are missing.

(See more...)

Departments

Degrees & Programs

Resources

Overview

Community

News & Events

The Truth About Bug Finders: They're Essentially Useless

More to Read

Two NYU Tandon professors are honored by the American Association for the Advancement of Science

NYU Tandon researchers mitigate racial bias in facial recognition technology with demographically diverse synthetic image dataset for AI training

Raising a toast to Joseph Owades, the inventor of light beer