

Hacker bounties may soon be a thing of the past, if the researchers at MIT have anything to do with it. The boffins there have successfully created a Ruby on Rails “interpreter” that’s able to find flaws in code much faster than any human programmer can.
The researchers have tested the software, called “Space”, against fifty of the most popular web applications written in Ruby on Rails. Their tests turned up 23 previously unknown security flaws in those apps, and in all cases it took no more than 64 seconds to do so.
Professor Daniel Jackson of MIT’s department of electrical engineering and computer science created Space in cooperation with a PhD student. To make Space, they rewrote some of the code libraries used by Rails, before feeding the results into a Rails interpreter. After checking it for bugs using static analysis, they converted the software into machine-readable code.
“The classic example of this is if you wanted to do an abstract analysis of a program that manipulates integers, you might divide the integers into the positive integers, the negative integers, and zero,” said Jackson.
“The problem with this is that it can’t be completely accurate, because you lose information,” he continued. “If you add a positive and a negative integer, you don’t know whether the answer will be positive, negative, or zero. Most work on static analysis is focused on trying to make the analysis more scalable and accurate to overcome those sorts of problems.”
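The sign abstraction described in the quote can be written out as a small abstract interpreter. This is an added example, not code from Space or from the MIT researchers; all function names are hypothetical, and `:top` is the label chosen here for "sign unknown".

```ruby
# Sign abstract domain (illustrative; names are hypothetical, not from Space).
# Each integer is tracked only as :neg, :zero or :pos; :top means "unknown".

# Map a concrete integer to its abstract sign.
def sign_of(n)
  return :zero if n.zero?
  n.positive? ? :pos : :neg
end

# Abstract addition: pos + neg cannot be decided, so it widens to :top.
def abs_add(a, b)
  return b if a == :zero
  return a if b == :zero
  a == b && a != :top ? a : :top
end

# Abstract multiplication stays precise whenever both signs are known.
def abs_mul(a, b)
  return :zero if a == :zero || b == :zero
  return :top if a == :top || b == :top
  a == b ? :pos : :neg
end

# Evaluate an expression tree over signs instead of numbers.
# Nodes: Integer literal, Symbol variable, or [op, left, right].
def abs_eval(expr, env)
  case expr
  when Integer then sign_of(expr)
  when Symbol  then env.fetch(expr)
  when Array
    op, left, right = expr
    lhs = abs_eval(left, env)
    rhs = abs_eval(right, env)
    case op
    when :+ then abs_add(lhs, rhs)
    when :* then abs_mul(lhs, rhs)
    else raise ArgumentError, "unsupported operator #{op}"
    end
  else raise ArgumentError, "bad expression #{expr.inspect}"
  end
end

# Soundness: the abstract answer is either the true sign or :top, never wrong.
def sound?(range)
  range.all? do |x|
    range.all? do |y|
      [[:+, x + y], [:*, x * y]].all? do |op, concrete|
        got = abs_eval([op, x, y], {})
        got == :top || got == sign_of(concrete)
      end
    end
  end
end
```

The analysis is sound but imprecise: it never reports a wrong sign, but it answers `:top` for a positive plus a negative, which is the information loss the quote refers to.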
The researchers previously made two unsuccessful attempts at creating an automated debugger, but Space worked perfectly first time. They say they hope that software developers will integrate Space into their new code libraries instead of trying to rewrite old ones.
The pair plan to present their code next month at the International Conference on Software Engineering in Austin, Texas.