Title | Techniques and Tools for Advanced Software Vulnerability Detection |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Pereira, José D’Abruzzo |
Conference Name | 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) |
Date Published | Oct. 2020 |
Publisher | IEEE |
ISBN Number | 978-1-7281-7735-9 |
Keywords | Benchmark testing, Manuals, Measurement, Metrics, metrics testing, Open Source Software, pubcrawl, security, software metrics, software vulnerability detection, static code analysis, Task Analysis, text mining, Tools |
Abstract | Software is frequently deployed with vulnerabilities that may allow hackers to gain access to the system or information, leading to money or reputation losses. Although there are many techniques to detect software vulnerabilities, their effectiveness is far from acceptable, especially in large software projects, as shown by several research works. This Ph.D. aims to study the combination of different techniques to improve the effectiveness of vulnerability detection (increasing the detection rate and decreasing the number of false-positives). Static Code Analysis (SCA) has a good detection rate and is the central technique of this work. However, as SCA reports many false-positives, we will study the combination of various SCA tools and the integration with other detection approaches (e.g., software metrics) to improve vulnerability detection capabilities. We will also study the use of such a combination to prioritize the reported vulnerabilities and thus guide the development efforts and fixes in resource-constrained projects. |
URL | https://ieeexplore.ieee.org/document/9307657 |
DOI | 10.1109/ISSREW51248.2020.00049 |
Citation Key | pereira_techniques_2020 |