Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
10367091 | Information and Software Technology | 2013 | 70 Pages |
Abstract
The results provide empirical evidence supporting popular propositions that had not been objectively demonstrated until now. The methodology is repeatable and allows a strict ranking of the analyzed static analysis tools in terms of vulnerability coverage and effectiveness in detecting the highest number of vulnerabilities with few false positives. Its use can help practitioners select appropriate tools for a security code review process. We propose some recommendations for improving the reliability and usefulness of static analysis tools and the process of benchmarking.
Keywords
Related Topics
Physical Sciences and Engineering
Computer Science
Human-Computer Interaction
Authors
Gabriel Díaz, Juan Ramón Bermejo