Source Code Verification Tools for Software Security Bugs

Authors:
Frédéric Michaud;Frédéric Painchaud
Affiliations:
Defence Research and Development Canada --Valcartier, 2459 Pie-XI Blvd North, Québec, QC, Canada, G3J 1X5;Defence Research and Development Canada --Valcartier, 2459 Pie-XI Blvd North, Québec, QC, Canada, G3J 1X5
Venue:
Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
Year:
2006

Citing 4
Cited 2

Improving Security Using Extensible Lightweight Static Analysis

IEEE Software
Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security?

HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9 - Volume 9
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing
Static Analysis for Security

IEEE Security and Privacy

Enforcing code security in database web applications using libraries and object models

LCSD '07 Proceedings of the 2007 Symposium on Library-Centric Software Design
Creating Process-Agents incrementally by mining process asset library

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

We investigated errors and vulnerabilities that emerge from software defects in C/C++ and Java programs. This allowed us to create a meaningful testbench in order to evaluate best-of-breed automatic source code verification tools. Our results show that current static tools cannot significantly reduce the risk associated with confidential data processing in a military context. Dynamic tools should be used in conjunction in order to provide the necessary assurance level.