Master's Thesis: Filtering and Prioritizing Software Vulnerabilities with Artificial Intelligence
Paderborn, DE, 33102
Fraunhofer-Gesellschaft
The Fraunhofer-Gesellschaft, based in Germany, is one of the leading organizations for application-oriented research. It plays a central role in the innovation process, with research priorities in future-relevant...
Welcome to the Fraunhofer Institute for Mechatronic Design IEM!
At the »Zukunftsmeile« in Paderborn, Germany, we conduct practical research to develop innovative solutions for mechanical and plant engineering, the automotive industry and related sectors. The focus is on intelligent products, production systems, services and software applications.
Numerous studies have highlighted that existing security tools are hardly used due to the lack of security awareness among developers and managers, poor usability, and insufficient expertise required to correctly use them. Many companies use Static Application Security Testing (SAST) tools to detect software security vulnerabilities; however, some developers still struggle to produce secure software because they have little or no security expertise and are often overwhelmed by the results detected by the tools.
To improve software security and cyber resilience, security tools should follow usable security principles that ensure that development teams and management are more aware of the security implications of their decisions throughout the software development lifecycle. Possible approaches that lower the barriers when using such tools could include explaining, filtering, and prioritizing the vulnerabilities detected by static analysis tools. By harnessing the capabilities of artificial intelligence in analyzing code patterns, providing context-aware suggestions, reducing false positives and communicating in natural language, SAST tools could become more efficient and user-friendly.
What you will do
In this thesis, you will develop an AI-supported approach for filtering and prioritizing security vulnerabilities detected by SAST tools by performing the following tasks:
- Research current methods and tools for improving usable security of SAST tools
- Develop and evaluate a prototype that applies usable security principles and artificial intelligence to prioritize the vulnerabilities detected by SAST tools
What you bring to the table
- You are studying Computer Science or a comparable course of study
- Good Python and/or Java programming skills
- Machine learning knowledge and experience
- Experience with Static Analysis is recommended
- Good language skills in German and/or English
What you can expect
- A strong team culture with flat hierarchies is a matter of course for us. This means: high esteem and trust
- Professional supervision and specialist support in the preparation of the student research project/thesis
- Insight into the current challenges of the company
- Flexible working from home to combine studies and work in the best possible way
We value and promote the diversity of our employees' skills and therefore welcome all applications - regardless of age, gender, nationality, ethnic and social origin, religion, ideology, disability, sexual orientation and identity. Severely disabled persons are given preference in the event of equal suitability.
With its focus on developing key technologies that are vital for the future and enabling the commercial utilization of this work by business and industry, Fraunhofer plays a central role in the innovation process. As a pioneer and catalyst for groundbreaking developments and scientific excellence, Fraunhofer helps shape society now and in the future.
Interested? Apply online now. We look forward to getting to know you!
Additional questions will be answered gladly by:
Mr. Oshando Johnson
Fraunhofer-Institut für Entwurfstechnik Mechatronik IEM
Zukunftsmeile 1 | 33102 Paderborn
Web: https://www.iem.fraunhofer.de/
Requisition Number: 78670