Just-in-time software vulnerability detection: Are we there yet?

F Lomio, E Iannone, A De Lucia, F Palomba… - Journal of Systems and …, 2022 - Elsevier
Background: Software vulnerabilities are weaknesses in source code that might be exploited
to cause harm or loss. Previous work has proposed a number of automated machine …

Predicting defective lines using a model-agnostic technique

S Wattanakriengkrai, P Thongtanunam… - IEEE Transactions …, 2020 - ieeexplore.ieee.org
Defect prediction models are proposed to help a team prioritize the areas of source code
files that need Software Quality Assurance (SQA) based on the likelihood of having defects …

Detecting false alarms from automatic static analysis tools: How far are we?

HJ Kang, KL Aw, D Lo - … of the 44th International Conference on …, 2022 - dl.acm.org
Automatic static analysis tools (ASATs), such as Findbugs, have a high false alarm rate. The
large number of false alarms produced poses a barrier to adoption. Researchers have …

Mitigating false positive static analysis warnings: Progress, challenges, and opportunities

Z Guo, T Tan, S Liu, X Liu, W Lai, Y Yang… - IEEE Transactions …, 2023 - ieeexplore.ieee.org
Static analysis (SA) tools can generate useful static warnings to reveal the problematic code
snippets in a software system without dynamically executing the corresponding source code …

Are SonarQube rules inducing bugs?

V Lenarduzzi, F Lomio, H Huttunen… - 2020 IEEE 27th …, 2020 - ieeexplore.ieee.org
The popularity of tools for analyzing Technical Debt, and particularly the popularity of
SonarQube, is increasing rapidly. SonarQube proposes a set of coding rules, which …

Why can't Johnny fix vulnerabilities: A usability evaluation of static analysis tools for security

J Smith, LNQ Do, E Murphy-Hill - Sixteenth Symposium on Usable …, 2020 - usenix.org
Static analysis tools can help prevent security incidents, but to do so, they must enable
developers to resolve the defects they detect. Unfortunately, developers often struggle to …

On the diffuseness of technical debt items and accuracy of remediation time when using SonarQube

MT Baldassarre, V Lenarduzzi, S Romano… - Information and …, 2020 - Elsevier
Context. Among the static analysis tools available, SonarQube is one of the most used.
SonarQube detects Technical Debt (TD) items, i.e., violations of coding rules, and then …

Automatically Inspecting Thousands of Static Bug Warnings with Large Language Model: How Far Are We?

C Wen, Y Cai, B Zhang, J Su, Z Xu, D Liu… - ACM Transactions on …, 2024 - dl.acm.org
Static analysis tools for capturing bugs and vulnerabilities in software programs are widely
employed in practice, as they have the unique advantages of high coverage and …

The prevalence of code smells in machine learning projects

B Van Oort, L Cruz, M Aniche… - 2021 IEEE/ACM 1st …, 2021 - ieeexplore.ieee.org
Artificial Intelligence (AI) and Machine Learning (ML) are pervasive in the current computer
science landscape. Yet, there still exists a lack of software engineering experience and best …

"False negative--that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing

AS Ami, K Moran, D Poshyvanyk… - arXiv preprint arXiv …, 2023 - arxiv.org
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …