The Evolution and Decay of Statically Detected Source Code Vulnerabilities

Detailed bibliography

Published in: SCAM 2008 : proceedings : eighth IEEE International Working Conference on Source Code Analysis and Manipulation : 28-29 September 2008, Beijing, China, pp. 101 - 110
Main authors: Di Penta, M., Cerulo, L., Aversano, L.
Medium: Conference paper
Language: English
Publisher details: IEEE, 01.09.2008
ISBN:9780769533537, 0769533531
Description

Summary: The presence of vulnerable statements in the source code is a crucial problem for maintainers: properly monitoring and, if necessary, removing them is highly desirable to ensure high security and reliability. To this aim, a number of static analysis tools have been developed to detect the presence of instructions that can be subject to vulnerability attacks, ranging from buffer overflow exploitations to command injection and cross-site scripting. Based on the availability of existing tools and of data extracted from software repositories, this paper reports an empirical study on the evolution of vulnerable statements detected in three software systems with different static analysis tools. Specifically, the study investigates vulnerability evolution trends and the decay time exhibited by different kinds of vulnerabilities.
DOI:10.1109/SCAM.2008.20