Report: Bug Finders Spot Only 2% of Vulnerabilities

  • July 11, 2016
  • By Developer.com Staff

Many developers rely on bug finders to help them root out security vulnerabilities, but a new paper says those tools miss 98 percent of bugs. Researchers from New York University's Tandon School of Engineering, the MIT Lincoln Laboratory and Northeastern University developed a new technique called Large-Scale Automated Vulnerability Addition (LAVA), which adds known vulnerabilities to source code in order to benchmark the abilities of bug finders. When the researchers tested today's popular bug finders with the LAVA approach, the tools identified only 2 percent of the bugs LAVA added to the source code.

"There has never been a performance benchmark at this scale in this area, and now we have one," said Brendan Dolan-Gavitt, an assistant professor of computer science and engineering at NYU Tandon. "Developers can compete for bragging rights on who has the highest success rate in bug-finding, and the programs that will come out of the process could be stronger."
