使用开源软件比较静态安全分析工具

2012 IEEE Sixth International Conference on Software Security and Reliability Companion Pub Date : 2012-06-20 DOI:10.1109/SERE-C.2012.16

R. K. McLean

{"title":"使用开源软件比较静态安全分析工具","authors":"R. K. McLean","doi":"10.1109/SERE-C.2012.16","DOIUrl":null,"url":null,"abstract":"Software vulnerabilities present a significant impediment to the safe operation of many computer applications, both proprietary and open source. Fortunately, many static analysis tools exist to identify potential security issues. We present the results of evaluating multiple subsets of open source code for common software vulnerabilities using several such static security analysis tools. These results aid other developers in better discerning which tools to use in evaluating their own programs for security vulnerabilities.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":"{\"title\":\"Comparing Static Security Analysis Tools Using Open Source Software\",\"authors\":\"R. K. McLean\",\"doi\":\"10.1109/SERE-C.2012.16\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software vulnerabilities present a significant impediment to the safe operation of many computer applications, both proprietary and open source. Fortunately, many static analysis tools exist to identify potential security issues. We present the results of evaluating multiple subsets of open source code for common software vulnerabilities using several such static security analysis tools. These results aid other developers in better discerning which tools to use in evaluating their own programs for security vulnerabilities.\",\"PeriodicalId\":403736,\"journal\":{\"name\":\"2012 IEEE Sixth International Conference on Software Security and Reliability Companion\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"34\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE Sixth International Conference on Software Security and Reliability Companion\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SERE-C.2012.16\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2012.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 34

摘要

软件漏洞对许多计算机应用程序的安全运行构成了重大障碍，无论是专有的还是开源的。幸运的是，有许多静态分析工具可以识别潜在的安全问题。我们展示了使用几种这样的静态安全分析工具对常见软件漏洞的开源代码的多个子集进行评估的结果。这些结果帮助其他开发人员更好地辨别使用哪些工具来评估他们自己的程序的安全漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Comparing Static Security Analysis Tools Using Open Source Software

Software vulnerabilities present a significant impediment to the safe operation of many computer applications, both proprietary and open source. Fortunately, many static analysis tools exist to identify potential security issues. We present the results of evaluating multiple subsets of open source code for common software vulnerabilities using several such static security analysis tools. These results aid other developers in better discerning which tools to use in evaluating their own programs for security vulnerabilities.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 IEEE Sixth International Conference on Software Security and Reliability Companion

自引率

0.00%

发文量