Most current software security practice consists of testing the software with penetration testing at a very late stage of development. Because developers are not well trained in developing secure software, or their software security knowledge is not up to date, they introduce software vulnerabilities when writing code.
The idea of this project is to prevent software vulnerabilities in the first place, i.e. at the moment developers type code. We have studied some IDE plugins that can help identify vulnerabilities while developers are typing code. We have also identified the weaknesses of these plugins and the reasons for them. In this project, we want to extend the IDE functionality with an "autofix" feature, i.e., recommending fix suggestions to developers when vulnerabilities in the code are identified.
The tasks will include:
- A literature review of autofix features in bug fixing and vulnerability fixing
- Proposal and implementation of autofix features for the plugins
- Evaluation of the efficiency and effectiveness of the autofix features
The background required for this project includes software security knowledge, compiler technology knowledge, and coding skills.