C# Taint Analysis and Augmenting Static Analysis with Large Language Models
Few static analysis tools exist for detecting security-critical issues in .NET, and fewer yet which can be deployed at build-time. In the first part of the talk, we discuss the work required to support taint analysis with Infer#, one of the first scalable tools for statically detecting .NET security issues. We outline themes that we hope will prove useful for other frontend developers wishing to improve taint support. In the second part of this talk, we consider the significant recent progress in Large Language Models and the opportunities they present when used for program repair and defect summarization, specifically in conjunction with Infer.
Sun 18 JunDisplayed time zone: Eastern Time (US & Canada) change
14:00 - 15:30
|Lineage, a Data-Flow Analysis for ErlangVirtual
|C# Taint Analysis and Augmenting Static Analysis with Large Language ModelsVirtual
Matthew Jin Microsoft Corporation