Vulnerability Detection Systems: Think Cyborg, Not Robot
May/June 2011 (vol. 9 no. 3)
pp. 74-77
Sean Heelan, Immunity Inc.
Systems proposed in academic research have so far failed to make a significant impact on real-world vulnerability detection. Most software bugs are still found by methods with little input from static-analysis and verification research. These research areas could have a significant impact on software security, but first we need a shift in research goals and approaches. We need systems that incorporate human code auditors' knowledge and abilities, and we need evaluation methods that actually test proposed systems' usability in real situations. Without changes, academic research will continue to be ignored by the security community, and opportunities to build better tools for finding bugs and understanding software will be missed.

Index Terms:
software security, symbolic execution, static analysis, software engineering, security, security and privacy
Citation:
Sean Heelan, "Vulnerability Detection Systems: Think Cyborg, Not Robot," IEEE Security & Privacy, vol. 9, no. 3, pp. 74-77, May-June 2011, doi:10.1109/MSP.2011.70