Back to Search Start Over

THE EXPERIENCE OF COMPARISON OF STATIC SECURITY CODE ANALYZERS

Authors :
Alexey Markov
Andrew Fadin
Vladislav Shvets
Valentin Tsirlov
Source :
International Journal of Advanced Studies, Vol 5, Iss 3, Pp 55-63 (2015)
Publication Year :
2015
Publisher :
Science and Innovation Center Publishing House, 2015.

Abstract

This work presents a methodological approach to comparison of static security code analyzers. It substantiates the comparison of the static analyzers as to efficiency and functionality indicators, which are stipulated in the international regulatory documents. The test data for assessment of static analyzers efficiency is represented by synthetic sets of open-source software, which contain vulnerabilities. We substantiated certain criteria for quality assessment of the static security code analyzers subject to standards NIST SP 500-268 and SATEC. We carried out experiments that allowed us to assess a number of the Russian proprietary software tools and open-source tools. We came to the conclusion that it is of paramount importance to develop Russian regulatory framework for testing software security (firstly, for controlling undocumented features) and evaluating the quality of static security code analyzers.

Subjects

Subjects :
information security
software security
static analysis
code vulnerabilities, security weaknesses
undocumented features
program testing
security audit
Construction industry
HD9715-9717.5

Details

Language :
English, Russian
ISSN :
23281391 and 2227930X
Volume :
5
Issue :
3
Database :
Directory of Open Access Journals
Journal :
International Journal of Advanced Studies
Publication Type :
Academic Journal
Accession number :
edsdoj.584eb7e6851e41deadc63b4b975605e5
Document Type :
article

Tools

Authors Abstract Subjects Details