Transparent Static Analysis for the Detection of Security Vulnerabilities
Junior Submission
Static code analysis is a technology to automatically detect various security vulnerabilities at implementation time. Nevertheless, studies show that developers reject static analysis tools. The reason is that developers struggle to configure the static analysis such that it can operate efficiently in their application context. In this work, we improve the current situation by making the domain of static code analysis more transparent to developers when they use static analysis tools. In our approach, we propose a generator of configurations for static analyses for specific vulnerabilities selected by the developer. Moreover, the configurations are automatically customized to the code of interest that the developer works on.
Wed 18 Jul (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
| 14:00 - 14:25 Doctoral symposium paper | Olivier FlückigerNortheastern University, USA File Attached | |||||||||||||||||||||||||||||||||||||||||
| 14:25 - 14:41 Doctoral symposium paper | Anastasios AntoniadisUniversity of Athens, Greece File Attached | |||||||||||||||||||||||||||||||||||||||||
| 14:41 - 14:57 Doctoral symposium paper | Goran PiskachevFraunhofer IEM File Attached | |||||||||||||||||||||||||||||||||||||||||
| 14:57 - 15:13 Doctoral symposium paper | Timotej KapusImperial College London File Attached | |||||||||||||||||||||||||||||||||||||||||
| 15:13 - 15:29 Doctoral symposium paper | Dan IorgaImperial College London, UK | |||||||||||||||||||||||||||||||||||||||||
