Effect of Static Analysis Tools on Software Security: Preliminary Investigation

Cited by: 0
Authors
Okun, Vadim [1]
Guthrie, William F. [1]
Gaucher, Romain [1]
Black, Paul E. [1]
Affiliations
[1] National Institute of Standards and Technology, Gaithersburg, MD 20899 USA
Source
QOP'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON QUALITY OF PROTECTION | 2007
Keywords
Software Security; Static Analysis Tools; Vulnerability;
DOI
Not available
CLC classification
TP31 [Computer software];
Discipline code
081202 ; 0835 ;
Abstract
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database.
Pages: 1 / 5
Page count: 5