Evaluating the cost reduction of static code analysis for software security

by: Dejan Baca, Bengt Carlsson, Lars Lundberg

(2008), pp. 79-88.

View FullText article

ACM, DOI

Reviews [Write a review of this article]

There are no reviews of this article

Find related articles from these CiteULike users

srccheck

Find related articles with these CiteULike tags

roi, static_analysis

Abstract

Automated static code analysis is an efficient technique to increase the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated based on reported failures from customers. An average of 17% cost savings would have been possible if the static analysis tool was used. The tool also had a 30% success rate in detecting known vulnerabilities and at the same time found 59 new vulnerabilities in the three examined products.

@inproceedings{citeulike:3383258, abstract = {Automated static code analysis is an efficient technique to increase the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated based on reported failures from customers. An average of 17\% cost savings would have been possible if the static analysis tool was used. The tool also had a 30\% success rate in detecting known vulnerabilities and at the same time found 59 new vulnerabilities in the three examined products.}, address = {New York, NY, USA}, author = {Baca, Dejan and Carlsson, Bengt and Lundberg, Lars }, booktitle = {PLAS '08: Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security}, citeulike-article-id = {3383258}, doi = {http://dx.doi.org/10.1145/1375696.1375707}, isbn = {978-1-59593-936-4}, keywords = {roi, static\_analysis}, location = {Tucson, AZ, USA}, pages = {79--88}, posted-at = {2008-10-07 15:36:13}, priority = {2}, publisher = {ACM}, title = {Evaluating the cost reduction of static code analysis for software security}, url = {http://dx.doi.org/10.1145/1375696.1375707}, year = {2008} }

RIS record

TY - CONF ID - citeulike:3383258 L3 - citeulike-article-id:3383258 N2 - Automated static code analysis is an efficient technique to increase the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated based on reported failures from customers. An average of 17% cost savings would have been possible if the static analysis tool was used. The tool also had a 30% success rate in detecting known vulnerabilities and at the same time found 59 new vulnerabilities in the three examined products. CY - Tucson, AZ, USA SN - 978-1-59593-936-4 AD - New York, NY, USA EP - 88 TI - Evaluating the cost reduction of static code analysis for software security PB - ACM T2 - PLAS '08: Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security SP - 79 KW - roi KW - static_analysis AU - Baca, Dejan AU - Carlsson, Bengt AU - Lundberg, Lars PY - 2008/// UR - http://dx.doi.org/10.1145/1375696.1375707 ER -

RIS BibTeX