VFCFinder

2024: Product Release

In early May 2024, American specialists from North Carolina State University announced the release of a specialized tool called VFCFinder to quickly make changes to open source software. This tool simplifies the deployment of security updates needed to fix vulnerabilities.

It is noted that modern open source software can contain a large number of code fragments, each of which performs a specific function. However, updating them unnecessarily can create conflicts with other software in the organization, which turns into problems in the operation of systems. The VFCFinder tool allows you to analyze open source changes and identify those fragments that have been modified to fix vulnerabilities.

Unsplash

Many open source programs are not exposed to any vulnerability, and deploying unnecessary updates in itself can cause problems for programmers. Therefore, it is important to understand which updates will actually make the software safer, "says William Enck, professor of computer science at North Carolina State University.

It is noted that for programmers using open source libraries, it is important to understand the nature of each vulnerability, including which specific code fragments lead to the problem. The VFCFinder tool is designed to solve this problem. The tool demonstrates high efficiency: it is stated that the accuracy of determining code fragments for updating is approximately 80%. The ultimate goal of the creators of VFCFinder is to reduce the security risks associated with the widespread use of open source software. The tool is available through the GitHub web service.^[1]

Notes