onr:"swepub:oai:DiVA.org:bth-8044"
Search: onr:"swepub:oai:DiVA.org:bth-8044" > Static Code Analysi...
- 1 of 1
- Previous record
- Next record
- To hitlist
Static Code Analysis to Detect Software Security Vulnerabilities : Does Experience Matter?
- Baca, Dejan (author)
- Petersen, Kai (author)
- Carlsson, Bengt (author)
- show more...
- Lundberg, Lars (author)
- show less...
- Fukuoka, Japan : IEEE Computer Society Press, 2009
- 2009
- English.
- Conference paper (peer-reviewed)
Abstract
Subject headings
Close
- Code reviews with static analysis tools are today recommended by several security development processes. Developers are expected to use the tools' output to detect the security threats they themselves have introduced in the source code. This approach assumes that all developers can correctly identify a warning from a static analysis tool (SAT) as a security threat that needs to be corrected. We have conducted an industry experiment with a state of the art static analysis tool and real vulnerabilities. We have found that average developers do not correctly identify the security warnings and only developers with specific experiences are better than chance in detecting the security vulnerabilities. Specific SAT experience more than doubled the number of correct answers and a combination of security experience and SAT experience almost tripled the number of correct security answers.
Subject headings
- NATURVETENSKAP -- Data- och informationsvetenskap -- Programvaruteknik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Software Engineering (hsv//eng)
- NATURVETENSKAP -- Data- och informationsvetenskap -- Datavetenskap (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Computer Sciences (hsv//eng)
Keyword
- security
- vulnerabilities
- static code analysis
- coverity
- prevent
- industry experiment
- static analysis
- experience
- software security
Publication and Content Type
- ref (subject category)
- kon (subject category)
To the university's database
- 1 of 1
- Previous record
- Next record
- To hitlist
Find more in SwePub
- By the author/editor
- Baca, Dejan
- Petersen, Kai
- Carlsson, Bengt
- Lundberg, Lars
- About the subject
-
- NATURAL SCIENCES
- NATURAL SCIENCES
- and Computer and Inf ...
- and Software Enginee ...
-
- NATURAL SCIENCES
- NATURAL SCIENCES
- and Computer and Inf ...
- and Computer Science ...
- By the university
- Blekinge Institute of Technology
Search outside SwePub
- Extend your search to:
- Google Book Search
- Google Scholar
Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.
- Copyright © LIBRIS - National Library Systems
- LIBRIS.kb.se
