UPDATED 02:32 EDT / APRIL 18 2016


Ruby on Rails interpreter finds flaws in a flash

Hacker bounties may soon be a thing of the past, if the researchers at MIT have anything to do with it. The boffins there have successfully created a Ruby on Rails “interpreter” that’s able to find flaws in code much faster than any human programmer can.

The researchers have tested the software, called “Space”, against fifty of the most popular web applications written in the Ruby on Rails programming language. Their tests turned up 23 previously unknown security flaws in those apps, and in all cases it took no more than 64 seconds to do so.

Professor Daniel Jackson of MIT’s department of electrical engineering and computer science created Space in cooperation with a PhD student. To make Space, they rewrote some of the code libraries used by Rails, before feeding the results into a Rails interpreter. After checking it for bugs using static analysis, they converted the software into machine-readable code.

“The classic example of this is if you wanted to do an abstract analysis of a program that manipulates integers, you might divide the integers into the positive integers, the negative integers, and zero,” said Jackson.

“The problem with this is that it can’t be completely accurate, because you lose information,” he continued. “If you add a positive and a negative integer, you don’t know whether the answer will be positive, negative, or zero. Most work on static analysis is focused on trying to make the analysis more scalable and accurate to overcome those sorts of problems.”
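The sign abstraction Jackson describes can be written out as a small abstract evaluator that computes with signs instead of numbers. The Ruby below is an added example, not code from Space or from the MIT researchers; the expression format and the function names are assumptions made for the illustration.

```ruby
# Sign abstract domain: an integer is represented only as :neg, :zero or :pos.
# :top means "could be any of the three", i.e. the analysis has lost information.

# Abstraction of one concrete integer.
def sign_of(n)
  n.zero? ? :zero : (n.positive? ? :pos : :neg)
end

# Abstract addition. Adding :pos and :neg is the case from the quote:
# the sign of the result cannot be determined, so the answer is :top.
def abs_add(a, b)
  return b if a == :zero
  return a if b == :zero
  return :top if a == :top || b == :top
  a == b ? a : :top
end

# Abstract multiplication stays precise: zero absorbs, equal signs give :pos.
def abs_mul(a, b)
  return :zero if a == :zero || b == :zero
  return :top if a == :top || b == :top
  a == b ? :pos : :neg
end

# Evaluate an expression tree over signs. Constructed format for this example:
# an Integer literal, a Symbol naming a variable, or [:add, l, r] / [:mul, l, r].
def abs_eval(expr, env)
  case expr
  when Integer then sign_of(expr)
  when Symbol  then env.fetch(expr)
  when Array
    op, l, r = expr
    lhs = abs_eval(l, env)
    rhs = abs_eval(r, env)
    case op
    when :add then abs_add(lhs, rhs)
    when :mul then abs_mul(lhs, rhs)
    else raise ArgumentError, "unknown operator #{op}"
    end
  else raise ArgumentError, "bad expression #{expr.inspect}"
  end
end

# x*x + 1 is always positive, but with x unknown the sign domain reports :top.
# That lost precision is what shows up as a false alarm in a real analyzer.
expr = [:add, [:mul, :x, :x], 1]
puts abs_eval(expr, { x: :neg })
puts abs_eval(expr, { x: :top })
```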

The researchers previously made two unsuccessful attempts at creating an automated debugger, but Space worked perfectly first time. They say they hope that software developers will integrate Space into their new code libraries instead of trying to rewrite old ones.

The pair plan to present their code next month at the International Conference on Software Engineering in Austin, Texas.

Photo Credit: Dakiny via Compfight cc
