Effect of Static Analysis Tools on Software Security: Preliminary Investigation

Cited by: 0
Authors
Okun, Vadim [1]
Guthrie, William F. [1]
Gaucher, Romain [1]
Black, Paul E. [1]
Affiliations
[1] Natl Inst Stand & Technol, Gaithersburg, MD 20899 USA
Source
QOP'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON QUALITY OF PROTECTION | 2007
Keywords
Software Security; Static Analysis Tools; Vulnerability;
DOI
Not available
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database.
Pages: 1 / 5
Page count: 5