Effect of Static Analysis Tools on Software Security: Preliminary Investigation

Cited by: 0
Authors
Okun, Vadim [1]
Guthrie, William F. [1]
Gaucher, Romain [1]
Black, Paul E. [1]
Affiliation
[1] National Institute of Standards and Technology, Gaithersburg, MD 20899 USA
Source
QOP'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON QUALITY OF PROTECTION | 2007
Keywords
Software Security; Static Analysis Tools; Vulnerability
DOI
Not available
CLC classification
TP31 [Computer software]
Discipline code
081202; 0835
Abstract
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database.
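The abstract's measurement idea, security as the count of vulnerability reports in the National Vulnerability Database, can be tried out on NVD data. The script below is an added example and not the paper's code: it parses records shaped like the NVD CVE API 2.0 JSON (field names `vulnerabilities`, `cve.id`, `cve.published`, `cve.configurations[].nodes[].cpeMatch[].criteria` are an assumption about that format), groups CVEs by `vendor:product` from the CPE string, and compares the report rate in equal-length windows before and after a project's static-analysis adoption date. The CVE records and the adoption dates are constructed sample data; the paper's actual projects and dates are not on this page.

```python
from collections import defaultdict
from datetime import date, timedelta


def make_record(cve_id, published, *cpes):
    """Build one NVD-API-2.0-shaped record (constructed sample data, not a real CVE).
    Each entry in cpes is a 'vendor:product' pair."""
    matches = [{"criteria": f"cpe:2.3:a:{c}:*:*:*:*:*:*:*:*"} for c in cpes]
    return {"cve": {"id": cve_id,
                    "published": published + "T00:00:00.000",
                    "configurations": [{"nodes": [{"cpeMatch": matches}]}]}}


# Constructed sample: two hypothetical projects, invented CVE ids and dates.
SAMPLE_NVD = {"vulnerabilities": [
    make_record("CVE-0000-0001", "2004-03-10", "example:alpha"),
    # One CVE listed under two CPEs of the same project: must count once.
    make_record("CVE-0000-0002", "2005-07-22", "example:alpha", "example:alpha"),
    make_record("CVE-0000-0003", "2005-11-02", "example:alpha"),
    make_record("CVE-0000-0004", "2006-09-14", "example:alpha"),
    make_record("CVE-0000-0005", "2004-05-01", "example:beta"),
    make_record("CVE-0000-0006", "2006-02-18", "example:beta"),
    make_record("CVE-0000-0007", "2007-08-30", "example:beta"),
    # Outside both windows for the adoption date below: ignored by the rate.
    make_record("CVE-0000-0008", "2003-06-01", "example:alpha"),
]}

# Hypothetical tool-adoption dates (assumption for the example).
ADOPTION = {"example:alpha": date(2006, 1, 1), "example:beta": date(2006, 1, 1)}


def project_of(criteria):
    """Return 'vendor:product' from a CPE 2.3 string; reject anything else."""
    parts = criteria.split(":")
    if len(parts) < 5 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 string: {criteria}")
    return f"{parts[3]}:{parts[4]}"


def cves_by_project(nvd):
    """Map project -> {cve_id: published date}. A CVE naming several products
    counts once per project; repeated CPEs for one project collapse."""
    out = defaultdict(dict)
    for item in nvd["vulnerabilities"]:
        cve = item["cve"]
        published = date.fromisoformat(cve["published"][:10])
        for conf in cve.get("configurations", []):
            for node in conf.get("nodes", []):
                for match in node.get("cpeMatch", []):
                    out[project_of(match["criteria"])][cve["id"]] = published
    return out


def rate_before_after(published_dates, adoption, window_days=730):
    """Count reports in equal windows on each side of the adoption date and
    normalise to reports per year. Reports outside both windows are ignored
    so the two sides are comparable; a report on the adoption date is 'after'."""
    window = timedelta(days=window_days)
    before = sum(1 for d in published_dates if adoption - window <= d < adoption)
    after = sum(1 for d in published_dates if adoption <= d < adoption + window)
    per_year = 365.25 / window_days
    return {"before": before, "after": after,
            "before_per_year": before * per_year, "after_per_year": after * per_year}


def summarize(nvd=SAMPLE_NVD, adoption=ADOPTION):
    """Per-project before/after report rates for every project with an adoption date."""
    by_project = cves_by_project(nvd)
    return {p: rate_before_after(by_project[p].values(), d) for p, d in adoption.items()}


if __name__ == "__main__":
    for project, r in summarize().items():
        print(f"{project}: {r['before']} before, {r['after']} after "
              f"({r['before_per_year']:.2f} -> {r['after_per_year']:.2f} per year)")
```

When running this against real NVD exports, treat the numbers as the abstract frames them, as a measure of reported vulnerabilities: the count also moves with project popularity, researcher attention and how much of the code base was actually scanned, so a before/after difference for one project is evidence to investigate, not proof the tool caused it.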
Pages: 1-5
Page count: 5