Researchers Find Bugs Using Single-Codebase Inconsistencies
A Northeastern University research team finds code defects and some vulnerabilities by detecting when programmers used different code snippets to perform the same functions.
Repeatable, consistent programming is considered a best practice in software development, and it becomes increasingly important as the size of a development team grows. Now, research from Northeastern University shows that detecting inconsistent programming code snippets that implement the same functions in different ways can also be used to find bugs and, potentially, vulnerabilities.
In a paper to be presented at the USENIX Security Conference in August, a team of researchers from the university used machine learning to find bugs by first identifying code snippets that implemented the same functionality and then comparing the code to determine inconsistencies. The project, dubbed Functionally-similar yet Inconsistent Code Snippets (FICS)