When a software security disaster hits, organizations are left to put out the fires. Now, one tool wants to keep the fires from starting in the first place. Draper Laboratory is working on a solution that would automatically detect and repair vulnerabilities and flaws in software before it is released to the public.

DeepCode is a DARPA-funded software security solution that uses deep-learning techniques and Big Data analytics to ensure users aren’t vulnerable to a hack attack. According to McAfee, cybercrimes cost the global economy more than US$445 billion annually.

“Draper is applying Big Data analytics to automatically discover software vulnerabilities,” said Kaigham J. Gabriel, president and CEO of Draper. “This novel approach attempts to do what neither static nor dynamic testing techniques have been able to accomplish to date: automatically find all known vulnerabilities in binary and source code.”

The Draper DeepCode team previously had success identifying synthetic advanced persistent threats using deep-learning techniques, and those methods are being repurposed for the DeepCode engine. This is the first time deep learning is being used to analyze software structure and content, according to Draper.

“DeepCode will examine terabytes of open-source software to learn about the fundamental nature of good and bad code for both government and commercial applications,” said Brad Gaynor, associate director for cyber systems at Draper. “Once trained, DeepCode will analyze new and existing software projects (both binary and source), automatically identify flawed program segments, and recommend code repairs to replace the vulnerable software components with more secure versions.”
