VeriBee: Source Code Security

Impact: Economic, Technological

Public summary

Digital technologies are the engine driving the UK's economic growth. In 2019 the digital sector contributed £151 billion in output and 1.6 million jobs. At the heart of digital technology is source code, and over the last 20 years, over 2.8 trillion lines of code have been written. Key challenges in the sector are security, quality, and plagiarism. It is estimated that small UK businesses are targeted by 65,000 cyberattacks daily, costing the average small business over £6,000. Additionally, developers spend nearly half their time dealing with maintenance issues and debugging poor-quality code.

VeriBee, a University of Manchester spinout, is a novel energy-efficient test generator that exploits fuzzing and bounded model checking (BMC) engines to detect security vulnerabilities in real-world C programs. VeriBee's technology works by first analysing the given C program and incrementally injecting goal labels into it to guide the BMC and evolutionary fuzzing engines. The engines are then run for an initial period to produce so-called smart seeds. Finally, the engines are run again, with these smart seeds as starting seeds, in an attempt to achieve maximum code coverage and find bugs. During both seed generation and normal running, coordination between the engines is aided by the Tracer subsystem. This subsystem carries out additional coverage analysis and updates a shared memory with information on the goals covered so far. Furthermore, the Tracer evaluates test cases dynamically to convert them into seeds for subsequent fuzzing. Thus, the BMC engine can provide the seed that allows the fuzzing engine to bypass complex mathematical guards (e.g., input validation). VeriBee's AI technology outperforms the default configuration of the underlying verification engine in certain cases while concurrently diminishing resource consumption.
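The guard-bypass point can be seen in a small added example, which is not VeriBee's code: a constructed C target with goal labels, where an algebraic solve stands in for the BMC engine and a xorshift mutation loop stands in for the fuzzer. The names `target`, `solve_guard`, `fuzz`, `GOAL` and the constants are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed target: a goal label marks each branch of interest. */
static unsigned covered;                 /* bitmask of goal labels reached */
#define GOAL(n) (covered |= 1u << (n))

#define MUL 0x9E3779B1u                  /* odd, so invertible modulo 2^32 */
#define KEY 0xCAFEBABEu

void target(uint32_t x) {
    GOAL(0);
    if (x * MUL + 7u == KEY) {           /* arithmetic guard: 1 input in 2^32 passes */
        GOAL(1);                         /* guarded code random inputs rarely reach */
    }
}

/* Stand-in for the BMC engine: solve the guard condition for x. */
uint32_t solve_guard(void) {
    uint32_t inv = MUL;                  /* Newton iteration: MUL^-1 mod 2^32 */
    for (int i = 0; i < 5; i++) inv *= 2u - MUL * inv;
    return (KEY - 7u) * inv;
}

/* Stand-in for the fuzzing engine: run the target on xorshift32 mutations
   of a starting seed and return the goals covered. */
unsigned fuzz(uint32_t seed, unsigned tries) {
    covered = 0;
    uint32_t x = seed;
    for (unsigned i = 0; i < tries; i++) {
        target(x);
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    }
    return covered;
}

int main(void) {
    printf("arbitrary seed, 100000 tries: goals=0x%x\n", fuzz(1u, 100000u));
    printf("solver seed, 1 try:           goals=0x%x\n", fuzz(solve_guard(), 1u));
    return 0;
}
```
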

VeriBee aims to address critical challenges in the coding sector, and will have the following benefits to businesses:

1. Enhanced Source Code Security: The AI tool can significantly improve computer source code security. By identifying vulnerabilities, it empowers businesses to safeguard their software systems against cyber threats.
2. Reduced Maintenance Burden: With the tool’s ability to spot weaknesses, businesses can proactively address code issues. This translates to reduced maintenance time, allowing developers to focus on innovation rather than firefighting.
3. Operational Confidence: Any organization creating code wants assurance that it is safe. The AI tool not only detects vulnerabilities but also provides a pathway for repairing code. Operationalizing secure code becomes a reality.
4. Adaptability through AI: The tool leverages artificial intelligence to calibrate itself to specific codebases. This adaptability ensures efficient vulnerability detection across diverse software architectures.

Category of impact: Economic, Technological
Impact level: Engagement

Research Beacons, Institutes and Platforms

  • Institute for Data Science and AI