January 27, 2021
Report: Bug Finders Spot Only 2% of Vulnerabilities

  • By Developer.com Staff

Many developers rely on bug finders to help them root out security vulnerabilities, but a new paper says those tools miss 98 percent of bugs. Researchers from New York University's Tandon School of Engineering, the MIT Lincoln Laboratory and Northeastern University developed a new technique called Large-Scale Automated Vulnerability Addition (LAVA), which adds known vulnerabilities to source code in order to benchmark the abilities of bug finders. When the researchers tested today's popular bug finders with the LAVA approach, the tools identified only 2 percent of the bugs LAVA added to the source code.
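The benchmarking idea described above, as an added illustration that is not the paper's code or the LAVA tool itself: a corpus of tiny C sources with bugs injected at recorded locations (the ground-truth manifest), a naive pattern-matching "bug finder" run over it, and a scorer that reports what fraction of the injected bugs the finder reported. The corpus, the bug identifiers, the finder's banned-function list and the line-tolerance matching rule are all constructed here and are assumptions, not details taken from the paper.

```python
"""Toy LAVA-style benchmark: inject bugs at known locations, run a naive
bug finder over the corpus, and score it against the injected ground truth."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class InjectedBug:
    file: str
    line: int           # 1-based line of the injected defect
    bug_id: str         # constructed identifier, not a real LAVA bug id
    description: str


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    message: str


# Constructed corpus (not from the paper): three tiny C sources, each with
# exactly one injected bug whose location is recorded in GROUND_TRUTH.
CORPUS = {
    "copy.c": (
        "#include <string.h>\n"
        "void copy(char *dst, const char *src) {\n"
        "    strcpy(dst, src);\n"               # line 3: unbounded copy
        "}\n"
    ),
    "index.c": (
        "int lookup(const int *table, unsigned idx) {\n"
        "    return table[idx];\n"              # line 2: idx never bounds-checked
        "}\n"
    ),
    "sum.c": (
        "int sum(const int *v, int n) {\n"
        "    int s = 0;\n"
        "    for (int i = 0; i <= n; i++)\n"    # line 3: off-by-one reads v[n]
        "        s += v[i];\n"
        "    return s;\n"
        "}\n"
    ),
}

GROUND_TRUTH = [
    InjectedBug("copy.c", 3, "BUG-001", "unbounded strcpy"),
    InjectedBug("index.c", 2, "BUG-002", "unchecked array index"),
    InjectedBug("sum.c", 3, "BUG-003", "off-by-one loop bound"),
]

# A naive pattern-based "bug finder": it only flags calls to a few banned
# C functions, so it cannot see the two data-dependent bugs at all.
BANNED = re.compile(r"\b(strcpy|strcat|gets|sprintf)\s*\(")


def naive_finder(corpus):
    """Return one Finding per line that calls a banned function."""
    findings = []
    for name, text in corpus.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            m = BANNED.search(line)
            if m:
                findings.append(Finding(name, lineno, f"call to {m.group(1)}"))
    return findings


def score(findings, ground_truth, tolerance=0):
    """Match each injected bug to at most one finding in the same file within
    `tolerance` lines; return recall (share of injected bugs reported),
    precision (share of findings that hit an injected bug) and the id sets."""
    unmatched = list(findings)
    matched_ids = set()
    for bug in ground_truth:
        for f in unmatched:
            if f.file == bug.file and abs(f.line - bug.line) <= tolerance:
                matched_ids.add(bug.bug_id)
                unmatched.remove(f)   # each finding may satisfy one bug only
                break
    true_positives = len(matched_ids)
    recall = true_positives / len(ground_truth) if ground_truth else 0.0
    precision = true_positives / len(findings) if findings else 0.0
    return {
        "recall": recall,
        "precision": precision,
        "matched": matched_ids,
        "missed": {b.bug_id for b in ground_truth} - matched_ids,
    }


if __name__ == "__main__":
    result = score(naive_finder(CORPUS), GROUND_TRUTH)
    print(f"recall={result['recall']:.0%} precision={result['precision']:.0%}")
    print("missed:", sorted(result["missed"]))
```

The scorer is deliberately strict: a finding only counts if it lands on the injected line, which is what makes a seeded corpus a usable benchmark, since every reported hit can be checked against a known defect rather than triaged by hand. Here the pattern-based finder catches the banned call but neither of the bugs that depend on the value of a runtime input, which is the class of defect a bug-injection framework can seed in large numbers.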

"There has never been a performance benchmark at this scale in this area, and now we have one," said Brendan Dolan-Gavitt, an assistant professor of computer science and engineering at NYU Tandon. "Developers can compete for bragging rights on who has the highest success rate in bug-finding, and the programs that will come out of the process could be stronger."

This article was originally published on July 11, 2016