Monash researchers develop new code security tool
Monash University researchers have developed a new approach to predicting software vulnerabilities that promises to improve accuracy by more than 300%.
The new technique, developed at the university’s Faculty of Information Technology, could also potentially halve time and effort needed compared to current leading prediction tools.
The proposed LineVul approach is able to safeguard against the top 25 most dangerous and common weaknesses in source codes, and can be applied broadly to strengthen cybersecurity across any application built with source code.
Research co-author Dr Chakkrit Tantithamthavorn said modern software programs contain millions to billions of lines of code and it often takes a significant amount of time to identify and rectify vulnerabilities.
“Current state-of-the-art machine learning-based vulnerability prediction tools are still inaccurate and are only able to identify general areas of weakness in the source codes,” he said.
“With the proposed LineVul approach, we are not only able to predict the most critical areas of vulnerability but also are able to specifically identify the location of vulnerabilities down to the exact line of code.”
The approach has been tested against large-scale real-world datasets with more than 188,000 lines of software code, according to co-author and PhD candidate Michael Fu.
“The LineVul approach can be broadly applied across any software system to strengthen applications against cyber attacks and can be a significant tool for developers especially in safety-critical areas like software used by the Australian Government, defence, finance [and other key] sectors,” Fu said.
The researchers are now working on developing new methods to automatically suggest corrections for vulnerabilities in software code.
Phishing attacks on Australian workers growing more successful
The rate of Australian workers clicking on phishing links has surged 140% since last year,...
Ingram Micro adds AlgoSec to supplier line-up
Ingram Micro has reached an agreement to distribute application-centric security...
CyberCX to be bought out by Accenture
Accenture has arranged to make its largest cybersecurity acquisition to date through the purchase...