It has become increasingly important for developers to create robust software programs, not only in the face of sophisticated security threats, but also to compete with similar programs. Software vulnerabilities, whether benign software code defects (e.g., bugs) or exploitable software code, may cause a loss in revenue as well as market share. For these reasons, the developers continually work at detecting and mitigating both known and unknown software vulnerabilities as soon as possible.
Many security threat detection systems utilize signature-based techniques that fail to recognize variants. Furthermore, these systems are reactive and wait for the security threat to be recognized before a security expert is able to build an identifying signature. Because there is no generic way to match the security threat back to the specific software vulnerability being exploited, a custom signature is written for each known software vulnerability.
Unknown software vulnerabilities present an even more difficult problem to detect and mitigate. Some developers deploy various computing environments to the Internet that are deliberately unsecure (commonly referred to as “HoneyPots”) for the purpose of catching infections as quickly as a security threat is released. These computing environments typically hook the operating system and use heuristics to detect that an infection has occurred. Such a heuristic approach, however, tends to noisy and may be easily circumvented. Therefore, conventional software vulnerability detection systems are unable to measure up to the complexity and adaptability of current software threats.