A Comparison of Bug Finding Tools for Java
ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
IEEE Security and Privacy
Software Security: Building Security In
Software Security: Building Security In
Milk or wine: does software security improve with age?
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
On the Value of Static Analysis for Fault Detection in Software
IEEE Transactions on Software Engineering
Security vulnerabilities in software systems: a quantitative perspective
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Evaluating the cost reduction of static code analysis for software security
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
An historical examination of open source releases and their vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
Memory errors: the past, the present, and the future
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
| Hi-index | 0.00 |
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database.