Effect of static analysis tools on software security: preliminary investigation

14 years 5 months ago

Download samate.nist.gov

Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database. Categories and Subject Descriptors D.2.8 [Software Engineering]: Metrics – product metrics; D.2.4 [Software Engineering]: Software/Program Verification; K.6.5 [Management of Computing and Information Systems]: Security and Protection General Terms Measurement, Security Keywords Software Security, Static Analysis Tools, Vulnerability

Vadim Okun, William F. Guthrie, Romain Gaucher, Pa

Real-time Traffic

CCS 2007 | Security Keywords Software | Security Privacy | Software Security | Static Analysis Tools |

claim paper

» Practical static analysis for inference of securityrelated program properties

» Idea Measuring the Effect of Code Complexity on Static Analysis Results

» Software Security Analysis Execution Phase Audit

» The Evolution and Decay of Statically Detected Source Code Vulnerabilities

» Prioritizing Software Inspection Results using Static Profiling

» Proving memory safety of floatingpoint computations by combining static and dynamic progra...

» TAJ effective taint analysis of web applications

» Software partitioning for effective automated unit testing

Post Info
More Details (n/a)

Added	07 Jun 2010
Updated	07 Jun 2010
Type	Conference
Year	2007
Where	CCS
Authors	Vadim Okun, William F. Guthrie, Romain Gaucher, Paul E. Black

Comments (0)

Sciweavers

Effect of static analysis tools on software security: preliminary investigation

CCS 2007 | Security Keywords Software | Security Privacy | Software Security | Static Analysis Tools |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers