Developing a unified benchmark to compare and contrast ways of detecting faults is important for the future of fault detection. In this paper, we explore the benchmarks used in the evaluation of popular static analysis tools, in order to raise awareness in the community and encourage work towards a unified benchmark. Additionally, we introduce an initial design for a bottom-up repository that integrates benchmarks directly with the web interface of the accessible fault taxonomy, the Common Weakness Enumeration (CWE). The repository would be dynamically linked directly into the evolving CWE and would reflect new faults, new fault attributes, new test cases and test case attributes. It could be used dynamically to aggregate, compare, improve and store information about benchmarks.