Researchers Add Software Bugs to Reduce the Number of… Software Bugs

A new strategy for training bug-finding tools could help catch more vulnerabilities.


Researchers are deliberately adding bugs to experimental software code, with the ultimate aim of producing programs that have fewer vulnerabilities.
The idea is to insert a known quantity of vulnerabilities into code, then see how many of them are discovered by bug-finding tools.

By analyzing the reasons bugs escape detection, developers can create more effective bug-finders, according to researchers at New York University in collaboration with others from MIT’s Lincoln Laboratory and Northeastern University.

They created large-scale automated vulnerability addition (LAVA), a low-cost technique for adding the vulnerabilities.
