Today’s popular bug finders catch only about two percent of the vulnerabilities lurking in software code, researchers have found, despite the millions of dollars companies spend on them each year.
Bug finders are commonly used by software engineers to root out problems in code that could turn into vulnerabilities. They’ll typically report back how many bugs they found — what you don’t know is how many were missed, leaving success rates an open mystery.
So researchers at New York University’s Tandon School of Engineering in collaboration with the MIT Lincoln Laboratory and Northeastern University decided to find out how much they are missing.
To read this article in full or to leave a comment, please click here