In biology, a vaccine is a weakened strain of a virus or bacterium that is intentionally injected into the body to stimulate antibody production. The immunity generated in this way protects the body from the same type of virus in the future. Inspired by this idea, this research aims to develop techniques that automatically generate vaccine exploits to detect and diagnose vulnerabilities inside commodity software, and to protect that software from potential exploits through vulnerability-specific signatures. An example of such a vaccine is a "weakened" buffer-overflow exploit with its jump address scrambled: it causes an exception in a vulnerable program when attempting to hijack the program's control flow, from which a forensic analysis can uncover the underlying vulnerability. The idea of vaccines offers an innovative avenue to address the grave threat posed by software security flaws, which has been fundamentally hampering the progress of the Internet. This project develops vaccine techniques to protect vulnerable software in both reactive and proactive fashions. Reactive vaccines can quickly detect zero-day exploits and generate signatures without reliance on source or binary code. The project focuses on applying the technique to protect Internet services. Proactive vaccines are used to automatically discover software vulnerabilities from sources such as software patches and to create tentative remedies. This technique enables timely protection of vulnerable software even before an attacker can figure out an exploit. This research also provides a great opportunity to foster the education mission in the area of Security Informatics.