Deep learning based vulnerability detection: Are we there yet?
Automated detection of software vulnerabilities is a fundamental problem in software
security. Existing program analysis techniques either suffer from high false positives or false …
A systematic literature review of cross-domain model consistency checking by model management tools
Objective: The goal of this study is to identify gaps and challenges related to cross-domain
model management focusing on consistency checking. Method: We conducted a systematic …
D2a: A dataset built for ai-based vulnerability detection methods using differential analysis
Static analysis tools are widely used for vulnerability detection as they understand programs
with complex behavior and millions of lines of code. Despite their popularity, static analysis …
A large-scale study of usability criteria addressed by static analysis tools
M Nachtigall, M Schlichtig, E Bodden - Proceedings of the 31st ACM …, 2022 - dl.acm.org
Static analysis tools support developers in detecting potential coding issues, such as bugs
or vulnerabilities. Research on static analysis emphasizes its technical challenges but also …
Just-in-time static analysis
We present the concept of Just-In-Time (JIT) static analysis that interleaves code
development and bug fixing in an integrated development environment. Unlike traditional …
Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis
Software depends on upstream projects that regularly fix vulnerabilities, but the
documentation of those vulnerabilities is often unreliable or unavailable. Automating the …
Machine learning for actionable warning identification: A comprehensive survey
Actionable Warning Identification (AWI) plays a crucial role in improving the usability of static
code analyzers. With recent advances in Machine Learning (ML), various approaches have …
A hierarchical model for quantifying software security based on static analysis alerts and software metrics
Despite the acknowledged importance of quantitative security assessment in secure
software development, current literature still lacks an efficient model for measuring internal …
Survey of approaches for postprocessing of static analysis alarms
T Muske, A Serebrenik - ACM Computing Surveys (CSUR), 2022 - dl.acm.org
Static analysis tools have showcased their importance and usefulness in automated
detection of defects. However, the tools are known to generate a large number of alarms …
An empirical study of class rebalancing methods for actionable warning identification
Actionable warning identification (AWI) is crucial for improving the usability of static analysis
tools. Currently, machine learning (ML)-based AWI approaches are notably common, which …