Software vulnerabilities are a substantial problem that exists in part due to programmer errors. A common cause is that programmers have a cognitive gap between their understanding of what actions code will perform and the actual actions the code performs. This work takes a first step toward rigorously understanding how humans think about code to (eventually) help to dramatically reduce bugs by building more human understandable programming languages and programs. This project will perform a pilot study to determine how to understand such security bugs, tease out the key aspects of them, and integrate this understanding into expert tutoring systems to help programmers detect them. Cognitive science techniques will be used to derive the core contributing issues in existing security vulnerabilities by slicing vulnerabilities into their component parts and evaluating the resulting bugs. This will create a generalized understanding of security issues which will enable easy reproduction and replication of similar source code, which is ideal input for an expert tutoring tool. The resulting expert tutoring tool will be used to evaluate the effectiveness of tutoring in helping programmers reduce reduce their susceptibility to similar bugs.
EAGER: Collaborative: Using Cognitive Techniques To Detect and Prevent Security Flaws