Can source code auditing software identify common vulnerabilities and be used to evaluate software security?
2004
Proceedings of the 37th Annual Hawaii International Conference on System Sciences, 2004
Software vulnerabilities are a growing problem (cf. MITRE's CVE, http://cve.mitre.org). Moreover, many of the mistakes leading to vulnerabilities are repeated often. Source code auditing tools could be a great help in identifying common mistakes, or in evaluating the security of software. We investigated the effectiveness of the auditing tools we could access, using the following criteria: number of false positives, false negatives by comparison to known vulnerabilities, and time required to
doi:10.1109/hicss.2004.1265654
dblp:conf/hicss/HeffleyM04
fatcat:n2mdozf545gqlfbjbws6aeejkq