Show simple item record

dc.contributor.authorCheirdari, Foteini
dc.contributor.authorKarabatis, George
dc.date.accessioned2019-02-28T15:54:43Z
dc.date.available2019-02-28T15:54:43Z
dc.date.issued2019-01-24
dc.description2018 IEEE International Conference on Big Data (Big Data)en_US
dc.description.abstractStatic source code analysis for the detection of vulnerabilities may generate a huge amount of results making it difficult to manually verify all of them. In addition, static code analysis yields a large number of false positives. Consequently, software developers may ignore the results of static code analysis. This paper analyzes the results of static code analysis tools to identify false positive trends per tool. The novel idea is to assist developers and analysts identify the likelihood of a finding to be an actual true positive. This paper proposes an algorithm that makes use of a new critical feature, a personal identifier, which assists labeling the findings correctly as true or false. Experiments verified identification of true positives with a higher level of accuracy.en_US
dc.description.urihttps://ieeexplore.ieee.org/abstract/document/8622456en_US
dc.format.extent7 pagesen_US
dc.genreconference papers and proceedingsen_US
dc.identifierdoi:10.13016/m2qqac-ik0h
dc.identifier.citationFoteini Cheirdari, George Karabatis, Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools, 2018 IEEE International Conference on Big Data (Big Data) , DOI: 10.1109/BigData.2018.8622456en_US
dc.identifier.urihttps://doi.org/10.1109/BigData.2018.8622456
dc.identifier.urihttp://hdl.handle.net/11603/12891
dc.language.isoen_USen_US
dc.publisherIEEEen_US
dc.relation.isAvailableAtThe University of Maryland, Baltimore County (UMBC)
dc.relation.ispartofUMBC Information Systems Department Collection
dc.relation.ispartofUMBC Faculty Collection
dc.relation.ispartofUMBC Student Collection
dc.rightsThis item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
dc.rights© 2018 IEEE
dc.subjectsoftware assuranceen_US
dc.subjectvulnerability discoveryen_US
dc.subjectdata miningen_US
dc.titleAnalyzing False Positive Source Code Vulnerabilities Using Static Analysis Toolsen_US
dc.typeTexten_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record