Can Language Models Help to Design more Cybersecure Software?
Miroslaw Staron (Chalmers)
Working with cybersecurity entails analyzing source code and identifying vulnerabilities in the code base. Usually, this is done using dedicated tools and/or during dedicated testing scenarios. The analyses are based on pre-defined rules, developed by cybersecurity specialists and security engineers. However, the number of cybersecurity threats grows faster than the number of tools and the rules defined in them. In this talk, we explore the idea of using modern language models (e.g., GPT-3) to design tools for identifying vulnerabilities based on parsing source code provided in CVE/CWEs. As these models have shown great potential for identifying similarities in other use cases (e.g., identifying design patterns), there is potential to use them to find cybersecurity vulnerabilities in source code.
Miroslaw Staron is a Professor in Software Engineering at the Department of Computer Science and Engineering at the University of Gothenburg, Sweden. He obtained his PhD in Software Engineering in 2005 from Blekinge Institute of Technology. His research interests are centered around industrial software engineering, with an emphasis on software metrics, measurement processes and model-driven software engineering. Dr. Staron has been collaborating with Ericsson, Volvo Information Technology, Telelogic, Volvo Car Corporation, RUAG Space and recently Saab AB.