Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools
| dc.contributor.author | Cheirdari, Foteini | |
| dc.contributor.author | Karabatis, George | |
| dc.date.accessioned | 2019-02-28T15:54:43Z | |
| dc.date.available | 2019-02-28T15:54:43Z | |
| dc.date.issued | 2019-01-24 | |
| dc.description | 2018 IEEE International Conference on Big Data (Big Data) | en_US |
| dc.description.abstract | Static source code analysis for the detection of vulnerabilities may generate a huge amount of results making it difficult to manually verify all of them. In addition, static code analysis yields a large number of false positives. Consequently, software developers may ignore the results of static code analysis. This paper analyzes the results of static code analysis tools to identify false positive trends per tool. The novel idea is to assist developers and analysts identify the likelihood of a finding to be an actual true positive. This paper proposes an algorithm that makes use of a new critical feature, a personal identifier, which assists labeling the findings correctly as true or false. Experiments verified identification of true positives with a higher level of accuracy. | en_US |
| dc.description.uri | https://ieeexplore.ieee.org/abstract/document/8622456 | en_US |
| dc.format.extent | 7 pages | en_US |
| dc.genre | conference papers and proceedings | en_US |
| dc.identifier | doi:10.13016/m2qqac-ik0h | |
| dc.identifier.citation | Foteini Cheirdari, George Karabatis, Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools, 2018 IEEE International Conference on Big Data (Big Data) , DOI: 10.1109/BigData.2018.8622456 | en_US |
| dc.identifier.uri | https://doi.org/10.1109/BigData.2018.8622456 | |
| dc.identifier.uri | http://hdl.handle.net/11603/12891 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | IEEE | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Information Systems Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.rights | © 2018 IEEE | |
| dc.subject | software assurance | en_US |
| dc.subject | vulnerability discovery | en_US |
| dc.subject | data mining | en_US |
| dc.title | Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools | en_US |
| dc.type | Text | en_US |