Wats’on your bug-hunting program ..?

Tinkering with some unrelated ideas …:
How would one go about setting Watson (Clone, III) to work on bug hunting ..?
Where the Beast would be fed all sorts of past code / code patterns (source~ or executable~, or whatever style you’d prefer) with known bugs / errors / exploits and the way in which they failed, and then have the Big W scan, e.g., Win10 source code and come up with a list (in this case, assuming sufficient storage ;-| ) of bug red flags. Probably, to be classified in a range of Sure Thing, via Commonly, to Maybe. As we’re discussing patterns, certainty can’t be had for all found points of interest per se.

That being the simple part, what about automated immunization ..? If some patterns are near-certainly bugs/errors/exploit-points always, can they be plastered ex ante ..? It might be easy(er), too, to throw in an extra development test in the first place (“Sorry Dave, I can’t compile that”). But this sort of scope creep could easily lead to creepy behavior, e.g., if (??) the (??) system would get hijacked.

Oh well. Would still be glad to have your thoughts. And:
DSC_0062
[“Tin”foil hat for actual protection (well, No.), at Haut K-bourg again]

Advertisements

About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Risk Management, Information Security, Innovation (technologicallly driven) and tagged , , , , , , , . Bookmark the permalink.

Your comments are welcomed!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s