1. Field of the Invention
The invention relates to computer system security and more particularly to a method and system that detects computer source code vulnerabilities, which may pose security risks.
2. Discussion of Related Art
One of the problems associated with developing computer programs is the difficulty in detecting “vulnerabilities” in the programs. As used herein, the term “vulnerability” refers to a section of user source code which, when executed, has the potential to allow external inputs to cause improper or undesired execution. Typical vulnerabilities include buffer overflow; race conditions; and privilege escalation, each of which poses a vulnerability to the desired, controlled execution of the program. Reviewing source code for vulnerabilities is a difficult, time-consuming process. It requires a full understanding of all potential vulnerabilities, how to spot them, and how to fix them.
Prior methods of detecting vulnerabilities in source code include conducting a lexical analysis of the source code. This involves conducting a search of well-known vulnerabilities and pointing them out as potential vulnerabilities. A problem with this method is that it generates too many false positives. Another method involves conducting a manual, line-by-line analysis of the code. However, this method is very labor intensive.