
End to End Prediction of Buffer Overruns from Code via Neural Memory Networks - DanielRibeiro
https://arxiv.org/abs/1703.02458
======
chatmasta
This is really cool. I've spent some time thinking about a similar idea in the
past [0].

My idea was to parse the CVE database for bugs in open source code, then
identify the patches used to fix the bugs. From the patch data, you can get an
efficient diff of what the "vulnerable" code looks like and what the "fix" for
it looks like. You can then convert the code to an abstract syntax tree or feed
it to a static analysis engine to use as "signals" in training a machine
learning algorithm. Then you can apply the machine learning algorithm to open
source databases and identify possibly vulnerable code paths.

Looks like this paper had success doing something similar. Awesome!

[0]
[https://news.ycombinator.com/item?id=11573547](https://news.ycombinator.com/item?id=11573547)
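
The labelling step described in the comment above, as an added example that is not part of the thread or the linked paper: it splits a fix patch into pre-patch ("vulnerable") and post-patch ("fixed") code and derives a simple feature from the pair. The sample patch, the function names and the token-count feature (standing in for AST or static-analysis signals) are all assumptions made for illustration.

```python
import re
from collections import Counter
# Constructed sample patch (not taken from any real CVE or project).
SAMPLE_PATCH = """\
--- a/src/name.c
+++ b/src/name.c
@@ -10,4 +10,5 @@ void set_name(struct user *u, const char *src)
 {
     char buf[32];
-    strcpy(buf, src);
+    strncpy(buf, src, sizeof(buf) - 1);
+    buf[sizeof(buf) - 1] = 0;
 }
"""
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+|[^\s\w]")

def split_hunks(patch):
    """Yield (before, after) source text for each hunk of a unified diff."""
    lines, i = patch.splitlines(), 0
    while i < len(lines):
        m = HUNK_RE.match(lines[i])
        i += 1
        if not m:
            continue  # file headers and anything outside a hunk
        # The header's line counts bound the hunk; an omitted count means 1.
        old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
        before, after = [], []
        while i < len(lines) and (old_left > 0 or new_left > 0):
            tag, text = lines[i][:1], lines[i][1:]
            if tag == "-":
                before.append(text); old_left -= 1
            elif tag == "+":
                after.append(text); new_left -= 1
            elif tag != "\\":  # skip "\ No newline at end of file"
                before.append(text); after.append(text)
                old_left -= 1; new_left -= 1
            i += 1
        yield "\n".join(before), "\n".join(after)

def training_samples(patch):
    """Label pre-patch code 'vulnerable' and post-patch code 'fixed'."""
    for before, after in split_hunks(patch):
        yield {"label": "vulnerable", "code": before}
        yield {"label": "fixed", "code": after}

def token_delta(before, after):
    """Token-count changes: a crude stand-in for AST or analyzer signals."""
    b, a = Counter(TOKEN_RE.findall(before)), Counter(TOKEN_RE.findall(after))
    return {t: a[t] - b[t] for t in set(a) | set(b) if a[t] != b[t]}
```

Bounding each hunk by the counts in its `@@` header keeps a following file's `---`/`+++` header lines from being misread as removed or added code in multi-file patches.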

------
bitwize
The first thing it learns is to check if the source is in Rust and if so,
vastly reduce the likelihood of a buffer overrun.

~~~
wyldfire
Groan. Rust fanboy here, but c'mon. Are you a member of the "Rust Evangelism
Strikeforce" (as seen at [http://n-gate.com/](http://n-gate.com/))?

