SentinelForge

Inspiration

Security is often a low priority in software engineering, where engineers focus to deliver the product as soon as possible.

More or less, neglecting security practices poses many potential risks, including costing money to business.

This AI product aims to help developers implement software with better awareness of security practices.

What it does

An AI model that analyzes your code statically, dynamically with functionality of red teaming with leverage in Reinforcement Learning, thus suggest code/practices to take for the code exposed by possible vulnerabilities.

How we built it

Each functionality has its own AI model, with static analysis being a classification problem statement, while dynamic execution analysis and red teaming are based on Reinforcement Learning.

The data generated on code built by engineers with possible vulnerabilities, as well as learning known vulnerabilities (CVE).

Challenges we ran into

Developing three models were not easy, and compilation/generation of data, as well as provision of a full problem statement for a Red Teaming model is not easy due to the limited time available. Nevertheless, I believe this was a sounding idea to strengthen software security.

Accomplishments that we're proud of

Initial PoC of static analysis, with capability to analyze code with high credibility.

What we learned

We understood deeply the cybersecurity landscape when applicable to software engineering. We also came to realization how complicated the security world is and there is a need to raise awareness of it in terms of software engineering.