Static Source Code Analysis

Combining static source code analysis and threat assessment modeling for testing open source software security

... using static source code analysis tools showed that the test case application, ...of source code ...the static source code analysis tools detected ...

121

Evaluating Static Source Code Analysis Tools

... The documentation in Appendix A was created with DokuWiki (http://www.dokuwiki.org), because the Computer Security Team at CERN uses this software to keep versioned information for general purposes. One additional ...

66

Static source code analysis in agile development methodologies

... a static analysis tool called ...the code had to be specifically marked in order to be skipped by the ...additional static analysis tool, unless it is decided to stick to the current ...

142

Identification Of JavaScript Function Constructor Using Static Source Code Analysis

... of code from external packages, which are mostly written by other ...the code base is rather small, and the imported code is already organized using some packaging system (and therefore, only ...

77

Controlling Software Complexity. The Business Case for Static Source Code Analysis

... improve code quality and security, Coverity’s static analysis solution decreases time to market and optimizes developer ...product code, ranging from scalable database systems to ...

16

RIPS - A static source code analyser for vulnerabilities in PHP scripts

... Both tools suffer from the limitations of static source code analysis as described in the previous section. An extended version of Pixy called Saner [13] has been created to address the ...

12

RIPS - A static source code analyser for vulnerabilities in PHP scripts

... taint analysis for PVF because it uses the application's logic and is not a taint-style ...of static source code analysis is the missing evaluation of dynamic strings that are built at ...

30

Profile Detection Through Source Code Static Analysis

... The profile is generated by counting language constructs and then comparing the numbers to the ones of previously developed optimal solutions for the given tasks. Through that comparison it’s possible to find gaps in ...

13

Source Code Review Using Static Analysis Tools

... analysing source code and finding critical bugs and ...called static analysis and they are able to find, analyse and suggest solutions to the programmer in the early stages of ...

20

Predicting Source Code Quality with Static Analysis and Machine Learning

... about code quality is how easy it is for humans to read and understand the code, and an important measurement for this is the complexity ...A code smell is an indicator that a program possibly ...

12

Gold Standard Method for Benchmarking C Source Code Static Analysis Tools

... • Develop analysis support for CWEs 134,415/6,457,170) • Increase percentage of safety conditions proven automatically • Full reference analysis of 6 NIST SATE benchmark applications [r] ...

22

Task Granularity Analysis Method Using Static Metrics of Source Code for C Programs

... Since this task scheduling is a combinatorial optimization problem, it is important for it to suppress the number of tasks which constitutes the program. Therefore, useless parallelism is removed using the informati[r] ...

8

Static Analysis and Symbolic Code Execution

... 1.1 Static Analysis of Programs An excellent introduction and review of static analysis can be found in the book by Nielson ...[2]. Static analysis of code, as the name ...

Predicting Attack-prone Components with Source Code Static Analyzers

... Metric 2. Count of vulnerabilities identified during testing and those reported in the field. Our second question is used to answer the hypothesis of this dissertation stated in Chapter 1. If SCSA warnings are in the ...

120

Testing Static Analysis Tools using Exploitable Buffer Overflows from Open Source Code

... We are aware of only three evaluations of tools that were not performed by tool developers. A qualitative survey of lexical analysis tools that detect use of functions often associated with buffer overflows is ...

10

A Framework and a Language for Usability Automatic Evaluation of Web Sites by Static Analysis of HTML Source Code

... A guideline could be evaluated differently from one evaluation context to another. The same guideline could have more than one interpretation, depending on the interpreter. Verifying a guideline may also change from ...

12

SAT4BSC: A Static Analysis Tool for BPEL Source Codes

... CFG is one of the most basic information of a program to analyze various properties of a program which in turn would be useful for software testing, software measure or metrics, and software maintenance [20]. CFG ...

7

Evaluating Code Coverage of Assertions by Static Analysis of RTL

... (RTL) code coverage can provide a metric for assertion quality, few methods to report it currently ...effective code coverage metrics for assertions - one inspired by test suite code coverage as ...

8

Measuring the Effect of Code Complexity on Static Analysis Results

... in static analysis detection rates decreasing with the year of discovery of the ...of static analysis tools have been published[19, ...local code complexity categories, such as aliasing ...

11

Static Code Analysis: Best Practices for Software Assurance in the

... original source code and there is no owner who could make such repairs on behalf of the ...the source code is available for review, repair and extension by the government and its ...

40
