Article ID: 10367091
Journal: Information and Software Technology
Published Year: 2013
Pages: 70 Pages
File Type: PDF
Abstract
The results provide empirical evidence that supports popular propositions not objectively demonstrated until now. The methodology is repeatable and allows a strict ranking of the analyzed static analysis tools, in terms of vulnerability coverage and effectiveness in detecting the highest number of vulnerabilities with few false positives. Its use can help practitioners select appropriate tools for a security code review process. We propose some recommendations for improving the reliability and usefulness of static analysis tools and the process of benchmarking.
Related Topics: Physical Sciences and Engineering; Computer Science; Human-Computer Interaction