Cyber Autonomy in Software Security: Techniques and Tactics

Software security research traditionally focuses on the development of specific offense and defense techniques on software vulnerabilities. Software security techniques are useful in practice only to the extent they can be leveraged to achieve a goal. Different parties‐individuals, companies, or nations‐implement offensive and defensive techniques as components in holistic systems, and these systems strategically interact with each other.This chapter aims to introduce to the reader cyber autonomy in software security. We will offer a holistic view on this topic by presenting both techniques and tactics in software security. This chapter will introduce the high‐level model of cyber autonomy in software security and explain how techniques and tactics co‐work in software security, discuss current software security techniques (including vulnerability discovery, exploit generation, vulnerability patching, and vulnerability ricochet) and, once the readers have gained familiarity with the background and the context in software security that serves as the prerequisites for building a game theoretical model, will introduce the autonomous computer security game, which is the core of the chapter.