An Overview of Source Code Audit

Cited by: 3
Authors
Xiang Lingzi [1]
Lin Zhi [1]
Affiliation
[1] Natl Engn Res Ctr Informat Secur, Beijing, Peoples R China
Source
2015 INTERNATIONAL CONFERENCE ON INDUSTRIAL INFORMATICS - COMPUTING TECHNOLOGY, INTELLIGENT TECHNOLOGY, INDUSTRIAL INFORMATION INTEGRATION (ICIICII) | 2015
Keywords
source code review; static analysis; information security;
DOI
10.1109/ICIICII.2015.94
Chinese Library Classification
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
Reports of software vulnerabilities and of software exploitation have continued to grow at an alarming rate in recent years. Many security issues appear in code. Source code audit can improve source code quality and avoid potential vulnerabilities in application systems. This paper first expounds the principles of code audit, the purpose of which is to make sure developers strictly follow the security technology, and briefly introduces the CERT secure coding standards, which provide a detailed enumeration of coding errors that have caused vulnerabilities. Next, it summarizes the audit methods and techniques and compares the analysis tools for source code audit, then shows the value and significance of code audit. Finally, the development trend of audit technology is estimated.
Pages: 26-29
Number of pages: 4