Researchers Look to Bots, Big Data to Fix Software Flaws
MIT researchers have created a system, dubbed Code Phage, to fix security software bugs by borrowing code from other programs, while other companies are using big data analytics to hunt down code flaws.
Automated systems paired with the ability to sift through massive amounts of data have changed numerous industries over the past decade, from delivering search results to identifying sales trends and optimizing business processes. Now, a combination of Big Data and cognitive computing is being used to ferret out security flaws in software.
Keeping security vulnerabilities out of today's software is a complex and multi-pronged effort, requiring developer training, expert systems that can spot certain classes of software bugs, and iterative quality control processes. Yet computer scientists are now looking for ways to eliminate many of the headaches and tedium of software development, not only to find flaws in programs but also to fix them.
Researchers at the Massachusetts Institute of Technology, for example, created a system called Code Phage that can automatically patch software found to contain certain classes of flaws by searching for similar functionality in other programs and grafting it into the recipient software. The system mimics the biological process of horizontal gene transfer, but instead of moving genetic material between cells, Code Phage moves snippets of code between a donor program and the recipient with the vulnerability.
In a paper presented at the Association for Computing Machinery’s Programming Language Design and Implementation conference in June, the team of researchers reported that their system fixed 10 errors in 7 programs, taking from two to 10 minutes for each repair.