Automatic Vulnerability Scanning and Verification (AVSV)
Developing secure software
Software has become an essential part of everyday life, either as a desktop or a web application, or as a mobile app. Modern software systems manage critical operations and process a multitude of sensitive data, the manipulation, loss or exposure of which could result in severe consequences for businesses, authorities or individuals. That is why security vulnerabilities in software pose one of the biggest challenges for the IT industry. At the same time, software architectures are becoming ever more complex and may span across multiple programming languages and platforms. In addition, agile development processes, driven by time-to-market, require continuous security checks right in the development phase. Classic security analyses cannot keep up with these developments.
ATHENE is working on effective, innovative processes and tools for automated vulnerability detection in software to expose security loopholes in complex systems and review their actual exploitability on an automated basis. The goal is to reduce the number of "false positives", i.e. of tests whose results have been wrongfully categorised as positive. Developers and security specialists are to be provided with as much detailed information as possible on the individual vulnerabilities, to enable them to evaluate and close the holes efficiently and in a timely manner.