Visual analysis of code security

Authors:
John R. Goodall;Hassan Radwan;Lenny Halseth
Affiliations:
A division of Applied Visions, Inc., Northport NY;Applied Visions, Inc., Northport NY;Applied Visions, Inc., Northport NY
Venue:
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Year:
2010

Citing 7
Cited 2

Parallel bargrams for consumer-based information exploration and choice

Proceedings of the 14th annual ACM symposium on User interface software and technology
Ordered and quantum treemaps: Making effective use of 2D space to display hierarchies

ACM Transactions on Graphics (TOG)
Improving Security Using Extensible Lightweight Static Analysis

IEEE Software
The Eyes Have It: A Task by Data Type Taxonomy for Information Visualizations

VL '96 Proceedings of the 1996 IEEE Symposium on Visual Languages
prefuse: a toolkit for interactive information visualization

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The need for a national cybersecurity research and development agenda

Communications of the ACM
A few billion lines of code later: using static analysis to find bugs in the real world

Communications of the ACM

Malware images: visualization and automatic classification

Proceedings of the 8th International Symposium on Visualization for Cyber Security
NV: Nessus vulnerability visualization for the web

Proceedings of the Ninth International Symposium on Visualization for Cyber Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

To help increase the confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but the individual tools catch different vulnerabilities and produce voluminous data with many false positives. This paper describes a system that brings together the results of disparate software analysis tools into a visual environment to support the triage and exploration of code vulnerabilities. Our system allows software developers to explore vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. By correlating and normalizing multiple software analysis tools' data, the overall vulnerability detection coverage of software is increased. A visual overview and powerful interaction allows the user to focus attention on the most pressing vulnerabilities within huge volumes of data, and streamlines the secure software development workflow through integration with development tools.