Vulnerability Finding Using Machine Learning

2020-04-20 11:22

The problem of finding software vulnerabilities seems well-suited for ML systems.

Going through code line by line is just the sort of tedious problem that computers excel at, if we can only teach them what a vulnerability looks like.

Finding vulnerabilities can benefit both attackers and defenders, but it's not a fair fight.

We might say to each other, "Remember those years when software vulnerabilities were a thing, before ML vulnerability finders were built into every compiler and fixed them before the software was ever released? Wow, those were crazy years." Not only is this future possible, but I would bet on it.

Those vulnerability finders will first be unleashed on existing software, giving attackers hundreds if not thousands of vulnerabilities to exploit in real-world attacks.

News URL

https://www.schneier.com/blog/archives/2020/04/vulnerability_f.html

#machinelearning #vulnerability