Date(s) - 09/10/2015
11:00 - 12:00
IRISA / INRIA Rennes
The discovery of vulnerabilities in source code is key to securing computer systems. While specific types of security flaws can be identified automatically, in the general case the process of finding vulnerabilities cannot be automated, and vulnerabilities are mainly discovered by manual analysis. In this talk, we present two approaches that aim to assist a security analyst during the auditing of source code, instead of replacing her. These approaches combine concepts from program analysis and machine learning, which allows vulnerable code to be spotted more effectively and efficiently. We first cover the extrapolation of vulnerabilities as a starting point for finding potentially vulnerable code and then proceed to the automatic identification of missing and incomplete security checks.
If you want to talk with Konrad on Friday, please contact: email@example.com