Automated static code analysis is an efficient technique to increase the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated based on reported failures from customers. An average of 17% cost savings would have been possible if the static analysis tool had been used. The tool also had a 30% success rate in detecting known vulnerabilities and at the same time found 59 new vulnerabilities in the three examined products.