

Hacker bounties may soon be a thing of the past, if the researchers at MIT have anything to do with it. The boffins there have successfully created a Ruby on Rails “interpreter” that’s able to find flaws in code much faster than any human programmer can.
The researchers have tested the software, called “Space”, against fifty of the most popular web applications written in the Ruby on Rails programming language. The tests turned up 23 previously unknown security flaws in those apps, and in all cases it took no more than 64 seconds to do so.
Professor Daniel Jackson of MIT’s department of electrical engineering and computer science created Space in cooperation with a PhD student. To make Space, they rewrote some of the code libraries used by Rails, before feeding the results into a Rails interpreter. After checking it for bugs using static analysis, they converted the software into machine-readable code.
“The classic example of this is if you wanted to do an abstract analysis of a program that manipulates integers, you might divide the integers into the positive integers, the negative integers, and zero,” said Jackson.
“The problem with this is that it can’t be completely accurate, because you lose information,” he continued. “If you add a positive and a negative integer, you don’t know whether the answer will be positive, negative, or zero. Most work on static analysis is focused on trying to make the analysis more scalable and accurate to overcome those sorts of problems.”
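The sign abstraction described in the quotes above, as an added Ruby example; it is not code from the article, from the researchers or from Space, and the `SignDomain` module and its method names are hypothetical. It goes slightly beyond the quote by adding multiplication and a soundness check, and uses `:top` to mean "sign unknown".

```ruby
# Sign abstract domain: every integer is abstracted to :neg, :zero or :pos.
# :top means "sign unknown", i.e. information the abstraction has lost.
module SignDomain
  def self.abstract(n)
    return :zero if n.zero?
    n.positive? ? :pos : :neg
  end

  # Abstract addition: zero is the identity and equal signs are preserved,
  # but mixed signs cannot be decided and collapse to :top.
  def self.add(a, b)
    return b if a == :zero
    return a if b == :zero
    a == b ? a : :top
  end

  # Abstract multiplication: the sign rules decide every known case.
  def self.mul(a, b)
    return :zero if a == :zero || b == :zero
    return :top if a == :top || b == :top
    a == b ? :pos : :neg
  end

  # Evaluate an expression tree such as [:add, 3, [:mul, -2, 5]] over signs.
  def self.eval_abstract(expr)
    return abstract(expr) if expr.is_a?(Integer)
    op, lhs, rhs = expr
    l = eval_abstract(lhs)
    r = eval_abstract(rhs)
    op == :add ? add(l, r) : mul(l, r)
  end

  # Evaluate the same tree over real integers, for comparison.
  def self.eval_concrete(expr)
    return expr if expr.is_a?(Integer)
    op, lhs, rhs = expr
    l = eval_concrete(lhs)
    r = eval_concrete(rhs)
    op == :add ? l + r : l * r
  end

  # Soundness: the abstract answer is either :top or the true sign, never wrong.
  def self.sound?(expr)
    a = eval_abstract(expr)
    a == :top || a == abstract(eval_concrete(expr))
  end
end
```

For the constructed input `[:mul, [:add, 4, -4], 7]` the concrete result is 0, yet the analysis can only report `:top`: the imprecision is the price of never reporting a wrong sign.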
The researchers previously made two unsuccessful attempts at creating an automated debugger, but Space worked perfectly first time. They say they hope that software developers will integrate Space into their new code libraries instead of trying to rewrite old ones.
The pair plan to present their code next month at the International Conference on Software Engineering in Austin, Texas.