
Design-Level Vulnerabilities Identification and Fixing

  • Zdun, Uwe (Project Lead)
  • Ennsberger, Sylvia (Admin)

Project: Research funding

Project Details

Abstract

Software is often insecure, not because of individual lines of vulnerable code, but because of risky or problematic design decisions, such as a lack of authentication between services or the disclosure of too much personal data during interactions among multiple services. The DeVulnIX project addresses these software design vulnerabilities directly in source code, bypassing the time-consuming, error-prone process of creating and maintaining architectural models.
In this project, we are pursuing a hybrid approach that combines large language models (LLMs) with proven software engineering techniques. We will create an evidence-based catalog and taxonomy of common design-level vulnerabilities and proven correction patterns. Based on this, we will develop novel methods that leverage LLMs and software engineering approaches, such as static analysis, prioritization, and contextualization, to scan and summarize code, automatically reconstruct key architectural relationships, and detect design vulnerabilities across software components. Furthermore, we will develop new methods for high-quality, context-aware fix suggestions based on formal patterns, rigorous validation, and new security patch-ranking methods, supported by LLMs for code generation. Finally, we will integrate these new methods into developers’ everyday tools, such as IDEs and continuous delivery pipelines, so that security checks and corrections run continuously as the code evolves.
DeVulnIX aims to save development effort and time, reduce overlooked security issues, and make secure design the norm. All methods are empirically validated. The resulting tools, datasets, and results will be published openly to ensure reproducibility and support open science principles.
Acronym: DeVulnIX
Status: Not started
Effective start/end date: 1/09/26 → 31/08/29