Effect of Static Analysis Tools on Software Security: Preliminary Investigation

Cited by: 0
Authors
Okun, Vadim [1]
Guthrie, William F. [1]
Gaucher, Romain [1]
Black, Paul E. [1]
Affiliation
[1] Natl Inst Stand & Technol, Gaithersburg, MD 20899 USA
Source
QOP'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON QUALITY OF PROTECTION | 2007
Keywords
Software Security; Static Analysis Tools; Vulnerability;
DOI
Not available
Chinese Library Classification
TP31 [Computer software];
Discipline classification code
081202; 0835;
Abstract
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database.
Pages: 1 / 5
Page count: 5