The science of cyber security experimentation: the DETER project
Proceedings of the 27th Annual Computer Security Applications Conference
Generalized vulnerability extrapolation using abstract syntax trees
Proceedings of the 28th Annual Computer Security Applications Conference
Chucky: exposing missing checks in source code for vulnerability discovery
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
Systems proposed in academic research have so far failed to make a significant impact on real-world vulnerability detection. Most software bugs are still found by methods with little input from static-analysis and verification research. These research areas could have a significant impact on software security, but first we need a shift in research goals and approaches. We need systems that incorporate human code auditors' knowledge and abilities, and we need evaluation methods that actually test proposed systems' usability in real situations. Without changes, academic research will continue to be ignored by the security community, and opportunities to build better tools for finding bugs and understanding software will be missed.