Effective Management of Static Analysis Vulnerabilities and Defects
Author
Abstract
Similar resources
Security Audit using Extended Static Checking: Is It Cost-effective Yet?
This paper describes our experience of doing variation analysis of known security vulnerabilities in C++ projects including core operating system and browser COM components, using an extended static checker HAVOC-LITE. We describe the extensions made to the tool to be applicable on such large components, along with our experience of using an extended static checker in the large. We argue that t...
Full text
The recognition of the necessity of for community-based disaster risk management to reduce the risk of vulnerability to earthquake disaster (case study: YousefAbad neighborhood of Tehran)
Disaster management and current attitudes in this area only focus on this area's physical vulnerabilities, raising urban residents' exposure to these challenges in front of the earthquake. On the other hand, Incidental actions include reducing the vulnerability and the physical strengthening and promotion of poor organization during the disaster; they ignored the capabilities an...
Full text
Static detection of C++ vtable escape vulnerabilities in binary code
Static binary code analysis is a longstanding technique used to find security defects in deployed proprietary software. The complexities of binary code compiled from object-oriented source languages (e.g. C++) has limited the utility of binary analysis to basic applications using simpler coding constructs, so vulnerabilities in object-oriented code remain undetected. In this paper, we present v...
Full text
On the capability of static code analysis to detect security vulnerabilities
Context: Static analysis of source code is a scalable method for discovery of software faults and security vulnerabilities. Techniques for static code analysis have matured in the last decade and many tools have been developed to support automatic detection. Objective: This research work is focused on empirical evaluation of the ability of static code analysis tools to detect security vulnerabi...
Full text
Static Analysis in Practice
Title of dissertation: STATIC ANALYSIS IN PRACTICE Nathaniel Ayewah, Doctor of Philosophy, 2010 Dissertation directed by: Professor William Pugh Department of Computer Science Static analysis tools search software looking for defects that may cause an application to deviate from its intended behavior. These include defects that compute incorrect values, cause runtime exceptions or crashes, expo...
Full text