Issue No.03 - May/June (2011 vol.9)
Sean Heelan, Immunity Inc.
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.70
Systems proposed in academic research have so far failed to make a significant impact on real-world vulnerability detection. Most software bugs are still found by methods with little input from static-analysis and verification research. These research areas could have a significant impact on software security, but first we need a shift in research goals and approaches. We need systems that incorporate human code auditors' knowledge and abilities, and we need evaluation methods that actually test proposed systems' usability in real situations. Without changes, academic research will continue to be ignored by the security community, and opportunities to build better tools for finding bugs and understanding software will be missed.
Keywords: software security, symbolic execution, static analysis, software engineering, security, security and privacy
Sean Heelan, "Vulnerability Detection Systems: Think Cyborg, Not Robot", IEEE Security & Privacy, vol. 9, no. 3, pp. 74-77, May/June 2011, doi:10.1109/MSP.2011.70