Evaluating the Cost Reduction of Static Code Analysis for Software Security
| Document type: | Conference Papers |
|---|---|
| Peer reviewed: | Yes |
| Full text: | |
| Author(s): | Dejan Baca, Bengt Carlsson, Lars Lundberg |
| Title: | Evaluating the Cost Reduction of Static Code Analysis for Software Security |
| Conference name: | PLAS'08 |
| Year: | 2008 |
| ISBN: | 978-1-59593-936-4 |
| Publisher: | ACM |
| City: | Tucson, Arizona |
| ISI number: | 000265663900008 |
| Organization: | Blekinge Institute of Technology |
| Department: | School of Engineering - Dept. of Systems and Software Engineering (Sektionen för teknik – avd. för programvarusystem), S-372 25 Ronneby, +46 455 38 50 00, http://www.tek.bth.se/ |
| Authors e-mail: | dejan.baca@bth.se, bengt.carlsson@bth.se, lars.lundberg@bth.se |
| Language: | English |
| Abstract: | Automated static code analysis is an efficient technique to increase the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated based on reported failures from customers. An average of 17% cost savings would have been possible if the static analysis tool had been used. The tool also had a 30% success rate in detecting known vulnerabilities and at the same time found 59 new vulnerabilities in the three examined products. |
| Subject: | Software Engineering\General; Computer Science\Electronic security; Computer Science\Computer systems |
| Keywords: | Security, Static code analysis, trouble report, early fault detection, code quality improvement, cost reduction, source code, false positive, Coverity Prevent |