Learn More
Background: Action research is a well-established research methodology. It is following a post-positivist research philosophy grounded in critical thinking. The methodology is driven by practical problems, emphasis participatory research, and develops practically useful solutions in an iterative manner. Objective: Two objectives are to be achieved: (1)(More)
Automated static code analysis is an efficient technique to increase the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated based on reported failures from customers. An average of 17% cost savings would(More)
Code reviews with static analysis tools are today recommended by several security development processes. Developers are expected to use the tools' output to detect the security threats they themselves have introduced in the source code. This approach assumes that all developers can correctly identify a warning from a static analysis tool (SAT) as a security(More)
Code revision of a leading telecom product was performed, combining manual audit and static analysis tools. On average, one exploitable vulnerability was found for every 4000 lines of code. Half of the located threats in the product were buffer overflows followed by race condition, misplaced trust, and poor random generators. Static analysis tools were used(More)
  • Dejan Baca
  • 2010
Static code analysis tools are often used by developers as early vulnerability detectors. Due to their automation they are less time-consuming and error-prone then manual reviews. However, they produce large quantities of warnings that developers have to manually examine and understand.In this paper, we look at a solution that makes static code analysis(More)