Effect of Static Analysis Tools on Software Security: Preliminary Investigation

Cited by: 0
Authors
Okun, Vadim [1 ]
Guthrie, William F. [1 ]
Gaucher, Romain [1 ]
Black, Paul E. [1 ]
Affiliation
[1] Natl Inst Stand & Technol, Gaithersburg, MD 20899 USA
Source
QOP'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON QUALITY OF PROTECTION | 2007
Keywords
Software Security; Static Analysis Tools; Vulnerability;
DOI
Not available
CLC classification
TP31 [Computer software];
Discipline classification
081202 ; 0835 ;
Abstract
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database.
Pages: 1 / 5
Page count: 5