
Abstract

As technology continues to permeate daily life and critical infrastructure, the need for skilled practitioners to perform vulnerability discovery grows. Despite increased demand—exacerbated by rising cyberattacks and government calls to expand the cybersecurity workforce—vulnerability discovery remains difficult, largely manual, and inaccessible to newcomers. Automated tools exist, but adoption is low; beginners often face steep learning curves, leading to frustration and attrition.

This thesis addresses key challenges in vulnerability discovery through three studies. First, to understand low tool adoption, we conducted an open coding analysis of 288 reverse engineering tools, assessing their input/output methods and adherence to usability guidelines established in prior work. We found limited usability support, with distinct issues between dynamic and static tools. We offer design recommendations for tool developers and directions for human-computer interaction research in reverse engineering and vulnerability discovery.

Second, we focus on a particular vulnerability discovery technique, symbolic execution (SE), and investigate why this technique has seen limited adoption and declining attention from the research community. We systematized knowledge from 15 years of SE literature and from developer and security professional process models, highlighting technical advances and mapping SE use cases to common developer and security workflows. We present an SE architecture model and propose future research directions to enhance SE usability and adoption.

Finally, we conducted semi-structured observational interviews with 37 novices attempting to exploit 51 programs to explore beginner struggles. We capture the questions beginners ask when identifying and exploiting vulnerabilities, how they search for answers, and the challenges they face applying them. Through qualitative coding of 3,950 events and quantitative analysis, we identified common obstacles: difficulty understanding exploits, crafting solutions, and performing technical tasks. Many failed to find help online due to limited domain vocabulary. We provide guidance for educators and resource creators to improve learning materials.

The work presented in this thesis tackles the unmet demand of the vulnerability discovery workforce in two ways: investigating how to improve the current tooling to allow security professionals to be more efficient, and exploring how to improve the security education resources to train new security professionals. We present specific recommendations for vulnerability discovery tool designers and propose new research directions to expand the use of the powerful static analysis technique, symbolic execution. We additionally propose guidelines for educators and resource creators to improve the accessibility and understandability of their materials.

Details

Title
Improving Vulnerability Discovery Tools and Training Through a Human Factors Lens
Number of pages
218
Publication year
2025
Degree date
2025
School code
0234
Source
DAI-A 87/3(E), Dissertation Abstracts International
ISBN
9798293843411
Committee member
Foster, Jeffrey; Bater, Johes; Wolff, Josephine; Bao, Tiffany
University/institution
Tufts University
Department
Computer Science
University location
United States -- Massachusetts
Degree
Ph.D.
Source type
Dissertation or Thesis
Language
English
Document type
Dissertation/Thesis
Dissertation/thesis number
32121437
ProQuest document ID
3251288779
Document URL
https://www.proquest.com/dissertations-theses/improving-vulnerability-discovery-tools-training/docview/3251288779/se-2?accountid=208611
Copyright
Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Database
2 databases
  • ProQuest One Academic
  • ProQuest One Academic