I often look back and wonder when my opinion changed about something. My ideas on top-down vs. bottom-up approaches for nurturing ideas, for example. I know I read Loonshots, and I know I read The Evolution of Everything, and I think I read them pretty close together. I credit/blame Tim Tyler for these wonderful diversions. But I also…
Microsoft is training a machine-learning system to find software bugs:
At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn’t just apply more people to the problem. However, large volumes of semi-curated data are perfect for machine learning. Since 2001 Microsoft has collected 13 million work items and bugs. We used that data to develop a process and machine learning model that correctly distinguishes between security and non-security bugs 99 percent of the time and accurately identifies the critical, high priority security bugs, 97 percent of the time.
I wrote about this in 2018:
The problem of finding software vulnerabilities seems well-suited for ML systems. Going through code line by line is just the sort of tedious problem that computers excel at, if we can only teach them what a vulnerability looks like. There are challenges with that, of course, but there is already a healthy amount of academic literature on the topic — and research is continuing. There’s every reason to expect ML systems to get better at this as time goes on, and some reason to expect them to eventually become very good at it.
Finding vulnerabilities can benefit both attackers and defenders, but it’s not a fair fight. When an attacker’s ML system finds a vulnerability in software, the attacker can use it to compromise systems. When a defender’s ML system finds the same vulnerability, he or she can try to patch the system or program network defenses to watch for and block code that tries to exploit it.
But when the same system is in the hands of a software developer who uses it to find the vulnerability before the software is ever released, the developer fixes it so it can never be used in the first place. The ML system will probably be part of his or her software design tools and will automatically find and fix vulnerabilities while the code is still in development.
Fast-forward a decade or so into the future. We might say to each other, “Remember those years when software vulnerabilities were a thing, before ML vulnerability finders were built into every compiler and fixed them before the software was ever released? Wow, those were crazy years.” Not only is this future possible, but I would bet on it.
Getting from here to there will be a dangerous ride, though. Those vulnerability finders will first be unleashed on existing software, giving attackers hundreds if not thousands of vulnerabilities to exploit in real-world attacks. Sure, defenders can use the same systems, but many of today’s Internet of Things (IoT) systems have no engineering teams to write patches and no ability to download and install patches. The result will be hundreds of vulnerabilities that attackers can find and use.
To be a Machine: Adventures Among Cyborgs, Utopians, Hackers, and the Futurists Solving the Modest Problem of Death
Price List: £12.99
Only for today on Amazon: £6.22
CGOLDENWALL Portable Mini Clothes Washer Ultrasonic Washing Machine Cleaning Machine for Laundry Home/Dorm/Travel
- 1.Super portable mini washing machine, can be put into pocket or hand bag.
- 2.The ultrasound can be used just with water, but use of a solvent appropriate for the item.
- 3. Mufti-functional: NOT ONLY for clothes, with high-frequency vibration, this mini portable washing machine also can help you to clean jewelry,glasses,fruit and tea set etc
- 4. Wifi control and two gears adjustment
- 5. Easy to operate and use
Product model: WoW-1801
Wireless charging parameters: 5V, 1-2A
Rated power: less than 24W
Net weight: 265G
Product size: 76*76*48mm
Thank you for choosing us!
All products sold by our company, we will enjoy the strict assurance of the quality and excellent service, you can feel comfortable to buy and use.
Usually it will take:
4-8 working days to deliver the package to UK,France after payment confirmed.
Price List: £335.00
Only for today on Amazon: £335.00