Award Data

Two methods for analyzing software security risks are dynamic application security testing (DAST) - an outside in perspective - and static application security testing (SAST) - and inside out perspective. Both have shortfalls. DAST findings do not give insight into the root cause, making remediation time consuming. SAST tools give you full breadth, but warn of weaknesses that are not exploitable. ...

Software is a mature discipline, yet more than 98 percent of all PCs have one or more vulnerable programs, and in the US there are 2.7 billion programs open for attack. Efforts to address the problem at the source --during software development--are shockingly inadequate, with many commercial Software Assurance tools focused on detection rather than working to become part of the development process ...

The current generation of advanced static-analysis tools find vulnerabilities by exploring all possible executions of a program as configured for a single platform. The next quantum leap in capability will be a system that will explore all executions for many different platforms simultaneously. We propose to develop such a system by combining a number of state-of-the-art techniques. Novel continuo ...

We propose to build a system that combines novel automatic test generation techniques with state-of-the-art multi-platform continuous integration technology. The proposed system will automatically generate test data by using a combination of symbolic and concrete executions to intelligently explore the space of inputs. The continuous integration technology will enable the system to detect defects ...