Published March 31, 2022 | Version v1
Journal article Open

Towards a Block-Level ML-Based Python Vulnerability Detection Tool

Description

Computer software drives our everyday life; its security is therefore pivotal.
Unfortunately, security flaws are common in software systems and can result in a variety
of serious repercussions, including data loss, secret information disclosure, manipulation, or
system failure. Although techniques for detecting vulnerable code exist, improving
their accuracy and effectiveness to a practically applicable level remains a challenge. Many
existing methods require a substantial amount of human expert labor to develop attributes
that indicate vulnerabilities. In previous work, we showed that machine learning is
suitable for solving this issue automatically by learning features from a vast collection of real-world
code and predicting vulnerable code locations. Applying a BERT-based code embedding,
LSTM models with the best hyperparameters were able to identify seven different security
flaws in Python source code with high precision (average of 91%) and recall (average of 83%).
Building on these encouraging first empirical results, in this paper we go further: we discuss the challenges
of applying these models in practice and outline a method that solves these issues.
Our goal is to develop a hands-on tool that developers can use to pinpoint potentially
vulnerable spots in their code.

Files

Readme.txt

Files (3.8 GB)
