DocumentCode
2847697
Title
Comparing Static Security Analysis Tools Using Open Source Software
Author
McLean, Ryan K.
Author_Institution
Dept. of Electr. & Comput. Eng., Air Force Inst. of Technol., Wright-Patterson AFB, OH, USA
fYear
2012
fDate
20-22 June 2012
Firstpage
68
Lastpage
74
Abstract
Software vulnerabilities present a significant impediment to the safe operation of many computer applications, both proprietary and open source. Fortunately, many static analysis tools exist to identify potential security issues. We present the results of evaluating multiple subsets of open source code for common software vulnerabilities using several such static security analysis tools. These results aid other developers in better discerning which tools to use in evaluating their own programs for security vulnerabilities.
Keywords
program diagnostics; public domain software; security of data; open source code; open source software; potential security issues; software vulnerabilities; static analysis tools; static security analysis tools; Cryptography; Generators; Open source software; Rats; Software packages; C/C++; analysis tools; open source; software security; static analysis;
fLanguage
English
Publisher
IEEE
Conference_Titel
Software Security and Reliability Companion (SERE-C), 2012 IEEE Sixth International Conference on
Conference_Location
Gaithersburg, MD
Print_ISBN
978-1-4673-2670-4
Type
conf
DOI
10.1109/SERE-C.2012.16
Filename
6258453