I'm a graduate student currently looking for a research topic in cybersecurity. I'm especially interested in analyzing source code to predict or detect vulnerabilities, but I've hit a bit of a wall and could use some fresh ideas.
If you know of any interesting or socially impactful problems—whether technical, theoretical, or policy-related—I'd really appreciate your suggestions. Anything is welcome. Thanks!
jonahbenton•6mo ago
hogexmox•6mo ago
My long-term goal is to develop a way to measure how secure a given software library or component is—essentially, to help developers assess the safety of a library before deciding to use it. Traditional vulnerability scanning hasn't been effective at uncovering unknown vulnerabilities in this context, so I’ve been exploring predictive approaches instead. In other words, I want to analyze code characteristics to estimate the likelihood of future vulnerabilities or assess the current security risk.
There are already many machine learning–based approaches for this kind of analysis, but I find myself unsure of what exactly should be done next. With the rapid advancement of LLMs, I also feel that LLM-based methods might soon overtake traditional machine learning approaches. But keeping up with LLMs is a challenge in itself, given how fast the field is evolving.
hogexmox•6mo ago
jonahbenton•6mo ago
Going after LLM generated code will present the opposite problem- instead of "oh someone is doing this and someone is doing that and so and so is doing the other thing, what could I possibly do", you have "there is this problem and this other problem and that other other thing and no one is really paying attention to any of this, how can I pick just one thing to do." Still a tough problem but a better landscape for a researcher, looking for ways to contribute. Good luck.