IBT on how MIT invented a new system capable of automated security vulnerability fixes by borrowing code from other software:

The CodePhage system is able to detect dangerous bugs in software and then repair them by importing security checks from software with similar specifications, even if that software is written in a completely different programming language.

Even better, the system doesn’t need access to the source code of the other programs in order to borrow their functionality and fix the bugs, so all source code is kept safe.

“We have tons of source code available in open-source repositories, millions of projects, and a lot of these projects implement similar specifications,” said Stelios Sidiroglou-Douskos, a research scientist at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) who led the development of CodePhage.

“Even though that might not be the core functionality of the program, they frequently have subcomponents that share functionality across a large number of projects.”

MIT researchers’ tests found that CodePhage was able to repair serious security vulnerabilities in seven common open-source programs, taking between two and 10 minutes per repair and importing functionality from between two and four donor programs each.
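To make concrete what "importing a security check" means in practice, here is an added C example; it is not CodePhage's code and not from MIT, and the function names, the image-header shape and the sample dimensions are all constructed for illustration. It shows a recipient-style size computation that silently wraps on large dimensions, beside the same computation guarded by the kind of input-validation check a donor program with a similar specification might carry.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example: an image loader computes the pixel buffer size
 * as width * height * 4 (RGBA). Both functions below take the header
 * fields directly; BYTES_PER_PIXEL is an assumed constant. */
#define BYTES_PER_PIXEL 4u

/* Recipient-style code without a check: the 32-bit product wraps, so
 * absurd dimensions can yield a tiny (even zero) allocation size that
 * later pixel writes would overrun. */
size_t pixel_bytes_unchecked(uint32_t width, uint32_t height)
{
    uint32_t n = width * height * BYTES_PER_PIXEL; /* modular arithmetic */
    return (size_t)n;
}

/* The same computation with a borrowed-style validation check: reject
 * zero dimensions and any pair whose product would not fit in 32 bits.
 * Returns 0 when the header is rejected, otherwise the exact byte count. */
size_t pixel_bytes_checked(uint32_t width, uint32_t height)
{
    if (width == 0 || height == 0)
        return 0;
    if (width > UINT32_MAX / BYTES_PER_PIXEL)
        return 0;                               /* width * 4 would wrap */
    uint32_t row = width * BYTES_PER_PIXEL;     /* safe after the test above */
    if (height > UINT32_MAX / row)
        return 0;                               /* row * height would wrap */
    return (size_t)row * height;
}

/* Allocation helper built on the checked size; NULL means "rejected". */
unsigned char *alloc_pixels(uint32_t width, uint32_t height)
{
    size_t n = pixel_bytes_checked(width, height);
    if (n == 0)
        return NULL;
    return (unsigned char *)calloc(n, 1);
}

int main(void)
{
    /* Constructed sample headers: one ordinary, one crafted to wrap. */
    printf("640x480   unchecked=%zu checked=%zu\n",
           pixel_bytes_unchecked(640, 480), pixel_bytes_checked(640, 480));
    printf("65536x65536 unchecked=%zu checked=%zu\n",
           pixel_bytes_unchecked(65536, 65536),
           pixel_bytes_checked(65536, 65536));
    unsigned char *p = alloc_pixels(640, 480);
    free(p);
    return 0;
}
```

The unchecked version reports 0 bytes for a 65536x65536 header because 65536 * 65536 * 4 is a multiple of 2^32, which is exactly the class of arithmetic bug a transplanted check guards against; the checked version rejects that header and returns the correct 1,228,800 bytes for 640x480.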