Detecting vulnerabilities in code has been a problem facing the software development community for decades. Undetected weaknesses in production code can become attack entry points if detected and exploited by attackers. Such vulnerabilities can greatly damage the reputation of the company releasing the software and, potentially, the operational and financial well-being of the companies that installed the software and suffered from the attack. The magnitude of this problem keeps growing. In 2020, the US-CERT database confirmed 17,447 new vulnerabilities; a record number for the fourth year running.
The software development community has developed a variety of methods for detecting those weaknesses before they get into production code. Every piece of code goes through thorough static scanning, dynamic scanning and penetration testing before it is released into a product. But these scans still suffer from false positives, false negatives and long run times, making the security process a burden on the development team.
Deeper Into Transfer Learning
Recently, extensive research has been conducted on how to leverage artificial intelligence (AI) and deep learning techniques to analyze and generate code. The main challenge in this domain has been figuring out how to leverage and include years of knowledge amassed by code experts into deep learning models. Some of the research approaches the challenge from the data generation point of view to solve the problem of creating and labeling samples; some design specific deep networks to solve the problems that arise from code structure and semantics; while others design feature extraction techniques to solve the problems of parsing code using AI.
Transfer learning ..
Support the originator by clicking the read the rest link below.
