Master's Thesis: Filtering and Prioritizing Software Vulnerabilities with Artificial Intelligence

The Fraunhofer-Gesellschaft (www.fraunhofer.com) currently operates 76 institutes and research units throughout Germany and is a leading applied research organization. Around 32 000 employees work with an annual research budget of 3.4 billion euros.

Welcome to the Fraunhofer Institute for Mechatronic Design IEM!
At the »Zukunftsmeile« in Paderborn, Germany, we conduct practical research to develop innovative solutions for mechanical and plant engineering, the automotive industry and related sectors. The focus is on intelligent products, production systems, services and software applications.

Numerous studies have highlighted that existing security tools are hardly used due to the lack of security awareness among developers and managers, poor usability, and insufficient expertise required to correctly use them. Many companies use Static Application Security Testing (SAST) tools to detect software security vulnerabilities, however, some developers still struggle to produce secure software because they have little or no security expertise and are often overwhelmed by the results detected by the tools.

To improve software security and cyber resilience, security tools should follow usable security principles that ensure that development teams and management are more aware of the security implications of their decisions throughout the software development lifecycle. Possible approaches that lower the barriers when using such tools could include explaining, filtering, and prioritizing the vulnerabilities detected by static analysis tools. Harnessing the capabilities of artificial intelligence in analyzing code patterns, providing context-aware suggestions, reducing false possibles and communicating with natural language, SAST tools could become more efficient and user-friendly.

What you will do

In this thesis, you will develop an AI-supported approach for filtering and prioritizing security vulnerabilities detected by SAST tools by performing the following tasks:

Research current methods and tools for improving usable security of SAST tools
Develop and evaluate a prototype that applies usable security principles and artificial intelligence to prioritize the vulnerabilities detected by SAST tools

What you bring to the table

You are studying Computer Science or a comparable course of study
Good Python and/or Java programming skills
Machine learning knowledge and experience
Experience with Static Analysis is recommended
Good language skills in German and/or English

What you can expect

A strong team culture with flat hierarchies is a matter of course for us. This means: high esteem and trust
Professional supervision and specialist support in the preparation of the student research project/thesis
Insight into the current challenges of the company
Flexible working from home to combine studies and work in the best possible way

We value and promote the diversity of our employees' skills and therefore welcome all applications - regardless of age, gender, nationality, ethnic and social origin, religion, ideology, disability, sexual orientation and identity. Severely disabled persons are given preference in the event of equal suitability.

With its focus on developing key technologies that are vital for the future and enabling the commercial utilization of this work by business and industry, Fraunhofer plays a central role in the innovation process. As a pioneer and catalyst for groundbreaking developments and scientific excellence, Fraunhofer helps shape society now and in the future.

Interested? Apply online now. We look forward to getting to know you!

Additional questions will be answered gladly by:
Mr. Oshando Johnson
Fraunhofer-Institut für Entwurfstechnik Mechatronik IEM
Zukunftsmeile 1 | 33102 Paderborn

Web: https://www.iem.fraunhofer.de/

Requisition Number: 78670

Job Segment: Testing, Machinist, Developer, Java, Technology, Manufacturing, Research

Apply now »