Using groupings of static analysis alerts to identify files likely to contain field failures
Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Using groupings of static analysis alerts to identify files likely to contain field failures
The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers
Understanding the value of program analysis tools
Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion
Effect of static analysis tools on software security: preliminary investigation
Proceedings of the 2007 ACM workshop on Quality of protection
Proceedings of the Second ACM-IEEE international symposium on Empirical software engineering and measurement
Quantitative analysis of faults and failures with multiple releases of softpm
Proceedings of the Second ACM-IEEE international symposium on Empirical software engineering and measurement
Prioritizing software security fortification through code-level metrics
Proceedings of the 4th ACM workshop on Quality of protection
A case study comparing defect profiles of a reused framework and of applications reusing it
Empirical Software Engineering
Toward Non-security Failures as a Predictor of Security Faults and Failures
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Towards a unified fault-detection benchmark
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Information and Software Technology
Continual monitoring of code quality
Proceedings of the 4th India Software Engineering Conference
aComment: mining annotations from comments and code to detect interrupt related concurrency bugs
Proceedings of the 33rd International Conference on Software Engineering
High false positive detection of security vulnerabilities: a case study
Proceedings of the 50th Annual Southeast Regional Conference
AutoODC: Automated generation of Orthogonal Defect Classifications
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Extending static analysis by mining project-specific rules
Proceedings of the 34th International Conference on Software Engineering
EuroSPI'07 Proceedings of the 14th European conference on Software Process Improvement
No single software fault-detection technique is capable of addressing all fault-detection concerns. Similarly to software reviews and testing, static analysis tools (or automated static analysis) can be used to remove defects prior to release of a software product. To determine to what extent automated static analysis can help in the economic production of a high-quality product, we have analyzed static analysis faults and test and customer-reported failures for three large-scale industrial software systems developed at Nortel Networks. The data indicate that automated static analysis is an affordable means of software fault detection. Using the Orthogonal Defect Classification scheme, we found that automated static analysis is effective at identifying Assignment and Checking faults, allowing the later software production phases to focus on more complex, functional, and algorithmic faults. A majority of the defects found by automated static analysis appear to be produced by a few key types of programmer errors and some of these types have the potential to cause security vulnerabilities. Statistical analysis results indicate the number of automated static analysis faults can be effective for identifying problem modules. Our results indicate static analysis tools are complementary to other fault-detection techniques for the economic production of a high-quality software product.