A new paper by Zhaopeng Tu, Vincent Hellendoorn and Baishakhi Ray entitled:
“GenFault: Generating very natural security flaws in Windows using Deep Neural Networks”
has won a the prestigious “2025 Future 10-year Most Influential Paper Award” at ICSE.
This paper uses statistical models to generate extremely “natural” security flaws for Windows. It uses statistical models built from large volumes of code to generate bugs that look so natural, exactly like the kind of stupid mistakes that real people make; so that once these flaws are inserted into code, they are basically impossible to find again. These bugs also behave “naturally”, almost like the regular code. They are extremely unlikely to be exposed by testing, or by real users, for the next 300-400 years or so; thus it is highly unlikely that they would ever be seen by a user before Microsoft goes out of business, and Windows is replaced by iOS-based neural implants.
The main advantage of these flaws is that they can only be found by static analysis tools, thus serving as a way to illustrate the tremendous power of these tools. I’m also happy to report that Coverity has already licensed all rights to this tool, on condition that the paper be withdrawn from the ACM/Elsevier digital library right after it won the award. Coverity is up 5% on NASDAQ on rumours that it will shortly be issuing a press-release about the “recapture” of some of these artificially inserted natural flaws in Apache Tomcat.