DeepCode tool detects software flaws before release

Could the DARPA-funded tool prevent security disasters such as the Heartbleed bug?

A new tool funded by DARPA promises to detect flaws in software before release to the general public.

Designed by Cambridge, MA-based firm Draper Laboratory with funding from the Defense Advanced Research Projects Agency (DARPA), DeepCode aims to "automatically detect and repair software errors and vulnerabilities prior to release of new software programs," according to the company.

As many data breaches are caused by flawed software, including poor coding and programming errors, it is likely we will see other similar solutions appear on the market. We have already seen a number of fundamental software flaws surface within a year -- including Heartbleed, Ghost and FREAK -- which give rise to security issues that place web users and their data at risk.

Big data analytics that mimic the human ability to recognize patterns are applied to software through DeepCode in order to find all known vulnerabilities in binary and source code. When the tool uncovers a particular coding flaw or code segment in the wild, the company says the surrounding region is analyzed for flaws in its design patterns.

Brad Gaynor, associate director for Cyber Systems at Draper, explained:

"DeepCode will examine terabytes of open-source software to learn about the fundamental nature of good and bad code for both government and commercial applications.

Once trained, DeepCode will analyze new and existing software projects (both binary and source), automatically identify flawed program segments, and recommend code repairs to replace the vulnerable software components with more secure versions."

In early studies, the Draper team were able to use DeepCode to identify synthetic Advanced Persistent Threats (APTs).

"Even in the rare case that DeepCode encounters entirely novel code, the time required to manually vet a software project would be significantly reduced by limiting offline analysis to the novel region -- reducing the software assurance workload by several orders of magnitude," Draper says.


The DeepCode team includes Prof. Andrew Ng, founder of the "Google Brain" project and co-founder of MOOC provider Coursera. DeepCode is being developed under contract to the US Air Force Research Laboratory and DARPA.

According to antivirus provider McAfee (.PDF), cybercrime is estimated to cost the global economy upwards of $445 billion a year, including both criminal gains and the cost to businesses.
