Software permeates every aspect of our world, from our homes to critical infrastructure. As the size and complexity of software systems increase, the number and sophistication of software security flaws increase as well. Because exploitation of these vulnerabilities can have catastrophic effects, substantial resources are devoted to finding these flaws before attackers discover them and exploit them in the wild.

A particularly challenging task is the identification of vulnerabilities in binary programs. The current state of the art in vulnerability analysis and patching of binaries supports a human analyst through a number of tools. However, this approach requires highly skilled humans to orchestrate the application of the tools and compose their results.

Recently, professors in the UCSB Department of Computer Science received a new NSF grant to study augmenting automated vulnerability analysis with human activity. More specifically, they proposed a paradigm shift from human-centric, tool-assisted analysis to tool-centric, human-assisted analysis. In this framework, human actions are leveraged to improve the capabilities of automated vulnerability analysis systems.