Active automata learning is emerging as an effective technique for obtaining state machine models of software and hardware systems. In this talk, I will present an overview of work in my group in which we used automata learning to find standard violations and security vulnerabilities in implementations of network protocols such as TCP, TLS, and SSH. Also, I will discuss the application of automata learning to support refactoring of legacy embedded control software, and the theoretical challenges that we face to further scale the application of automata learning techniques.