System fixes bugs by importing functionality from other programs—without access to source code

[Moltuae]

Link: http://phys.org/news/2015-06-bugs-importing-functionality-programswithout-access.html

At the Association for Computing Machinery's Programming Language Design and Implementation conference this month, MIT researchers presented a new system that repairs dangerous software bugs by automatically importing functionality from other, more secure applications.

Remarkably, the system, dubbed CodePhage, doesn't require access to the source code of the applications whose functionality it's borrowing. Instead, it analyzes the applications' execution and characterizes the types of security checks they perform. As a consequence, it can import checks from applications written in programming languages other than the one in which the program it's repairing was written.

Once it's imported code into a vulnerable application, CodePhage can provide a further layer of analysis that guarantees that the bug has been repaired.

 

[ZenTree]

That's some impressive coding right there. The amount of time this could save coders (never mind the whole patching process) is impressive. I honestly thought the scan would take ages but 2 - 10 minutes is nothing. Very interesting stuff.

Thanks for sharing.

 

[OaksLabs]

So could this be used by malware writers to improve malicious code? This brings up memories of "Race to Zero" where malware had to be tweaked to avoid detection (it was a competition) and good programmers can do it really quickly.....

But I do think this is a good thing. It can be used for improving anti-malware code too, and it's just plain cool.