"Facebook Open-Sources 'Mariana Trench' Code Analysis Tool"

Facebook has open-sourced Mariana Trench, a tool that has been used to find potentially dangerous security and privacy flaws in the company's Android and Java applications. The tool has already been trained by Facebook's security and software engineers, and it can scan large mobile codebases to spot flaws on pull requests. According to Facebook, users can customize the tool to look for specific vulnerabilities, even in large codebases, by defining rules that tell it where data comes from (sources) and where that data should not go (sinks). For example, a user could set a rule to find intent redirections, which allow attackers to intercept sensitive data if exploited. In this case, the user would define the rule to show traces from user-controlled sources to an intent redirection sink. This article continues to discuss the purpose, capabilities, and potential use of the Mariana Trench tool.

Security Week reports "Facebook Open-Sources 'Mariana Trench' Code Analysis Tool"
