Issue No.03 - May/June (2011 vol.9)
pp: 74-77
Sean Heelan, Immunity Inc.
ABSTRACT
Systems proposed in academic research have so far failed to make a significant impact on real-world vulnerability detection. Most software bugs are still found by methods with little input from static-analysis and verification research. These research areas could have a significant impact on software security, but first we need a shift in research goals and approaches. We need systems that incorporate human code auditors' knowledge and abilities, and we need evaluation methods that actually test proposed systems' usability in real situations. Without changes, academic research will continue to be ignored by the security community, and opportunities to build better tools for finding bugs and understanding software will be missed.
INDEX TERMS
software security, symbolic execution, static analysis, software engineering, security, security and privacy
CITATION
Sean Heelan, "Vulnerability Detection Systems: Think Cyborg, Not Robot", IEEE Security & Privacy, vol. 9, no. 3, pp. 74-77, May/June 2011, doi:10.1109/MSP.2011.70