2021
1.
Nembhard, Fitzroy D.; Carvalho, Marco M.
A Smart and Defensive Human-Machine Approach to Code Analysis (Proceedings Article)
In: First International Workshop on Artificial Intelligence, IJCAI-ACD 2021, ijcai.org, 2021.
Tags: agent, Google Assistant, NLP, virtual assistant, voice assistant, vulnerability detection
@inproceedings{IJCAINembhardCarvalho21,
title = {A Smart and Defensive Human-Machine Approach to Code Analysis},
author = {Fitzroy D. Nembhard and Marco M. Carvalho},
year = {2021},
date = {2021-08-20},
urldate = {2021-08-20},
booktitle = {First International Workshop on Artificial Intelligence, IJCAI-ACD 2021},
publisher = {ijcai.org},
abstract = {Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of development standards, or other problems, with the ultimate goal of fixing these errors so that systems and software are as secure as possible. There exists a plethora of static analysis tools, which makes it challenging for businesses and programmers to select a tool to analyze their program code. It is imperative to find ways to improve code analysis so that it can be employed by cyber defenders to mitigate security risks. In this research, we propose a method that employs the use of virtual assistants to work with programmers to ensure that software is as safe as possible in order to protect safety-critical systems from data breaches and other attacks. The proposed method employs a recommender system that uses various metrics to help programmers select the most appropriate code analysis tool for their project and guides them through the analysis process. The system further tracks the user's behavior regarding the adoption of the recommended practices.},
keywords = {agent, Google Assistant, NLP, virtual assistant, voice assistant, vulnerability detection},
pubstate = {published},
tppubtype = {inproceedings}
}
2.
Nembhard, Fitzroy D.; Carvalho, Marco M.
Conversational Code Analysis: The Future of Secure Coding (Journal Article)
In: IntechOpen, London, 2021.
Tags: Google Assistant, NLP, software security, virtual assistant, voice assistant, vulnerability detection
@article{nembhard2021conversational,
title = {Conversational Code Analysis: The Future of Secure Coding},
author = {Fitzroy D. Nembhard and Marco M. Carvalho},
doi = {10.5772/intechopen.98362},
year = {2021},
date = {2021-06-08},
urldate = {2021-06-08},
journal = {IntechOpen, London},
abstract = {The area of software development and secure coding can benefit significantly from advancements in virtual assistants. Research has shown that many coders neglect security in favor of meeting deadlines. This shortcoming leaves systems vulnerable to attackers. While a plethora of tools are available for programmers to scan their code for vulnerabilities, finding the right tool can be challenging. It is therefore imperative to adopt measures to get programmers to utilize code analysis tools that will help them produce more secure code. This chapter looks at the limitations of existing approaches to secure coding and proposes a methodology that allows programmers to scan and fix vulnerabilities in program code by communicating with virtual assistants on their smart devices. With the ubiquitous move towards virtual assistants, it is important to design systems that are more reliant on voice than on standard point-and-click and keyboard-driven approaches. Consequently, we propose MyCodeAnalyzer, a Google Assistant app and code analysis framework, which was designed to interactively scan program code for vulnerabilities and flaws using voice commands during development. We describe the proposed methodology, implement a prototype, test it on a vulnerable project and present our results.},
keywords = {Google Assistant, NLP, software security, virtual assistant, voice assistant, vulnerability detection},
pubstate = {published},
tppubtype = {article}
}