Abstract
Security issues arise constantly in different software products. Making software secure is a challenging endeavor. Static analysis of the source code can help eliminate various security bugs. The better a scanner is, the more bugs can be found and eliminated. The quality of security scanners can be determined by letting them scan code with known vulnerabilities; it is then easy to see how much they have (not) found. We have used the Juliet Test Suite to test various scanners. This test suite contains test cases with a set of security bugs that should be found by security scanners. We have automated the process of scanning the test suite and of comparing the generated results. With one exception, we have only used freely available source code scanners. These scanners were not primarily targeted at security, yielding disappointing results at first sight. We report on the findings, on the barriers to automatic scanning and comparing, as well as on the detailed results.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | 11th International Conference on Security and Cryptography (SECRYPT 2014), Vienna, Austria, August 28-30, 2014 |
| Number of pages | 10 |
| DOIs | |
| Publication status | Published - Aug 2014 |
Fields of science
- 202005 Computer architecture
- 202017 Embedded systems
- 102 Computer Sciences
- 102002 Augmented reality
- 102006 Computer supported cooperative work (CSCW)
- 102015 Information systems
- 102027 Web engineering
- 202022 Information technology
- 207409 Navigation systems
- 502032 Quality management
- 502050 Business informatics
JKU Focus areas
- Computation in Informatics and Mathematics
- Management and Innovation
Projects (1 active)
- Software Security
  - Sametinger, J. (PI)
  - 01.01.2009 → 31.12.2026
  - Project: Other › Project from scientific scope of research unit