MOVERY Main Features
A 96% precision and recall rate in detecting vulnerable code
Analysis of unidentified open source and commercial software
Proactive remediation of cybersecurity threats
Korean researchers have developed a technology that finds software vulnerabilities up to six times better than existing technologies.
Professor Lee Heejo’s Korea University research team presented the vulnerability detection tool ‘MOVERY’ and proved its efficiency at ‘USENIX Security 2022’, the world’s most prestigious security conference, held in Boston, US.
MOVERY is a tool that detects vulnerable modified code clones that spread in various code applications with high accuracy. It recorded 96% precision and recall rates, making MOVERY vulnerability detection 6 times as efficient.
During testing, MOVERY successfully detected open source software vulnerabilities spread from Git and LibGDX. It also detected more than 400 pieces of vulnerable code in 10 highly popular open source software projects on GitHub. These were reported as highly dangerous vulnerabilities needing improvement.
The research team has also found that more than 90% of the disclosed vulnerable code spread to other software in completely different code applications. These vulnerabilities are not only difficult to detect, but can also threaten overall software security, leading to issues such as financial loss or personal information leakage.
The research team explained that MOVERY is effective in detecting vulnerabilities in unidentified software components.
Dr. Woo Seunghoon, the first author and a member of the research team, elaborated on MOVERY, saying, “MOVERY’s code-level detection abilities can be used not only on open source but also on the hidden vulnerabilities of commercial software,” and added, “It is meaningful as it provides an opportunity to proactively respond to security threats.”
The research team also supports the commercialization of innovative technologies presented at conferences, including MOVERY.
Various software analysis technologies are released free of charge on IOTCUBE, an automatic vulnerability analysis platform, and anyone can try them for free by drag and drop.
Translation from ET News (Korean):