Researchers from Monash University reckon they’ve found the most effective approach to accurately predict vulnerabilities in software code. It’s known as ‘LineVul’.
First, what are software vulnerabilities? Basically what it says on the tin. Vulnerabilities are prevalent across all systems and software that is built using source codes. These vulnerabilities cause a variety of problems, including deadlock, hacking or system failures.
Finding this stuff sooner is obviously better than later, as early predictions of vulnerabilities are critical for security software systems.
Enter Monash researchers. The university’s experts from the Faculty of Information Technology have developed the ‘LineVul’ approach. They reckon this LineVul approach has increased accuracy in predicting software vulnerabilities by more than 300 per cent, while spending only half the usual amount of time and effort, when comparing it to existing “best-in-class” prediction tools.
They said LineVul is also able to guard against the top 25 most dangerous and common weaknesses in source codes, and can be applied broadly to strengthen cybersecurity across any application built with source code.
At the risk of hyperfixating too much on something so niche, it can’t be emphasised just how much effort trawling through code usually takes. As research co-author Dr Chakkrit Tantithamthavorn explained, standard software programs contain millions to billions of lines of code and it often takes a significant amount of time to identify and rectify vulnerabilities.
“Current state-of-the-art machine learning-based vulnerability prediction tools are still inaccurate and are only able to identify general areas of weakness in the source codes,” he said.
“With the proposed LineVul approach we are not only able to predict the most critical areas of vulnerability but also are able to specifically identify the location of vulnerabilities down to the exact line of code.”