Researchers Add Software Bugs to Reduce the Number of… Software Bugs
A new strategy for training bug-finding tools could help catch more vulnerabilities.
- Tim Greene for Network World, July 7th, 2016
- Source: http://www.networkworld.com/article/3092994/security/researchers-add-software-bugs-to-reduce-the-number-of-software-bugs.html
Researchers are adding bugs to experimental software code so that programs ultimately end up with fewer vulnerabilities.
The idea is to insert a known quantity of vulnerabilities into code, then see how many of them are discovered by bug-finding tools.
By analyzing the reasons bugs escape detection, developers can create more effective bug-finders, according to researchers at New York University in collaboration with others from MIT’s Lincoln Laboratory and Northeastern University.
They created large-scale automated vulnerability addition (LAVA), a low-cost technique for adding the vulnerabilities.