An empirical study on the effectiveness of static C code analyzers for vulnerability detection

S Lipp, S Banescu, A Pretschner - Proceedings of the 31st ACM …, 2022 - dl.acm.org
Static code analysis is often used to scan source code for security vulnerabilities. Given the
wide range of existing solutions implementing different analysis techniques, it is very …

[PDF] Static code analysis tools: A systematic literature review

D Stefanović, D Nikolić, D Dakić… - Ann. DAAAM Proc. Int …, 2020 - academia.edu
Static code analysis tools are being increasingly used to improve code quality. Such tools
can statically analyze the code to find bugs, security vulnerabilities, security spots …

[HTML] Software vulnerabilities in TensorFlow-based deep learning applications

K Filus, J Domańska - Computers & Security, 2023 - Elsevier
Usage of Deep Learning (DL) methods is ubiquitous. It is common in the
DL/Artificial Intelligence domain to use 3rd party software. TensorFlow is one of the most …

A study of C/C++ code weaknesses on Stack Overflow

H Zhang, S Wang, H Li, TH Chen… - IEEE Transactions on …, 2021 - ieeexplore.ieee.org
Stack Overflow hosts millions of solutions that aim to solve developers' programming issues.
In this crowdsourced question answering process, Stack Overflow becomes a code hosting …

SoK: Where to fuzz? Assessing target selection methods in directed fuzzing

F Weissberg, J Möller, T Ganz, E Imgrund… - Proceedings of the 19th …, 2024 - dl.acm.org
A common paradigm for improving fuzzing performance is to focus on selected regions of a
program rather than its entirety. While previous work has largely explored how these …

[PDF] Software security static analysis false alerts handling approaches

A Akremi - International Journal of Advanced Computer Science …, 2021 - researchgate.net
False Positive Alerts (FPA), generated by Static Analyzers Tools (SAT), reduce the
effectiveness of the automatic code review, letting them be underused in practice …

Semgrep*: Improving the limited performance of static application security testing (SAST) tools

G Bennett, T Hall, E Winter, S Counsell - Proceedings of the 28th …, 2024 - dl.acm.org
Vulnerabilities in code should be detected and patched quickly to reduce the time in which
they can be exploited. There are many automated approaches to assist developers in …

On the use of open-source C/C++ static analysis tools in large projects

JDA Pereira, M Vieira - 2020 16th European Dependable …, 2020 - ieeexplore.ieee.org
Software applications are frequently deployed with security vulnerabilities that may open the
door to attacks. In business-critical scenarios, such attacks may lead to significant financial …

The Convergence of Source Code and Binary Vulnerability Discovery--A Case Study

A Mantovani, L Compagna, Y Shoshitaishvili… - Proceedings of the …, 2022 - dl.acm.org
Decompilers are tools designed to recover a high-level language representation (typically in
C code) from program binaries. Over the past five years, decompilers have improved …

An extensive comparison of static application security testing tools

M Esposito, V Falaschi, D Falessi - arXiv preprint arXiv:2403.09219, 2024 - arxiv.org
Context: Static Application Security Testing Tools (SASTTs) identify software vulnerabilities
to support the security and reliability of software applications. Interestingly, several studies …