A scientific seminar of department No. 2 of the Institute of Information Technology of ANAS was held on the topic “Approaches to the evaluation of static code analysis tools”.
Presenting the report, Gulnar Yagublu, a graduate student of the Institute, noted that as a result of mistakes made in the design, creation and operation of software systems, numerous gaps occurred. She emphasized that attackers use these gaps for unauthorized access to information systems.
Noting that the detection of gaps in software is a complex task that requires large resources and costs, she said: “When creating software, it is necessary to identify and eliminate gaps. Static code analysis tools are used for this.”
G. Yagublu noted that there are numerous open-source and commercial static code analysis tools, and added that the question of how to evaluate them is currently relevant, both in terms of the accuracy of gap detection and in terms of functionality.
She briefed the audience on the SAMATE (Software Assurance Metrics And Tool Evaluation) project, noting that there are various methodologies for evaluating the static code analysis tools used to identify gaps. She explained the metrics, and their main characteristics, that are used to objectively evaluate how accurately static code analyzers identify security gaps. She noted that in the future some open-source static code analysis tools will be tested using the SAMATE methodology and a test database.
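To make the evaluation idea concrete, the following added example (not part of the seminar report or of the SAMATE project's own tooling) scores a static analyzer's findings against a labelled test set using the standard precision, recall and F1 metrics. The findings, the ground-truth set, the CWE-style weakness labels and the line-tolerance matching rule are all constructed for illustration; the exact metric set used in the SAMATE methodology is not restated on this page.

```python
"""Score a static analyzer's findings against a labelled test set.

Constructed illustration only: the findings and the ground truth below do
not come from a real tool run or from any SAMATE test suite.
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    cwe: str  # weakness class label, e.g. "CWE-121" (assumed labelling scheme)


# Constructed ground truth: the weaknesses deliberately present in the test set.
GROUND_TRUTH = {
    Finding("parse.c", 42, "CWE-121"),
    Finding("auth.c", 17, "CWE-798"),
    Finding("net.c", 88, "CWE-190"),
}

# Constructed tool output: one exact hit, one duplicate, one near miss
# (reported two lines away from the seeded weakness) and one false alarm.
TOOL_REPORT = [
    Finding("parse.c", 42, "CWE-121"),
    Finding("parse.c", 42, "CWE-121"),  # duplicate report of the same weakness
    Finding("auth.c", 17, "CWE-798"),
    Finding("net.c", 90, "CWE-190"),    # off by two lines from the ground truth
    Finding("util.c", 5, "CWE-476"),    # nothing seeded here: false positive
]


def score(reported: Iterable[Finding], truth: set[Finding],
          line_tolerance: int = 0) -> dict:
    """Match reported findings to ground truth and compute accuracy metrics.

    A report matches a seeded weakness when file and weakness class agree and
    the reported line is within `line_tolerance` lines of the seeded one.
    Each seeded weakness can be matched at most once, and duplicate reports
    are collapsed so a tool cannot inflate its true-positive count.
    """
    unique_reports = set(reported)
    matched_truth: set[Finding] = set()
    tp = 0
    for rep in unique_reports:
        hit = next(
            (t for t in truth
             if t not in matched_truth
             and t.file == rep.file
             and t.cwe == rep.cwe
             and abs(t.line - rep.line) <= line_tolerance),
            None,
        )
        if hit is not None:
            matched_truth.add(hit)
            tp += 1
    fp = len(unique_reports) - tp          # reports that matched nothing seeded
    fn = len(truth) - len(matched_truth)   # seeded weaknesses the tool missed
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    recall = tp / len(truth) if truth else 0.0
    f1 = (2 * precision * recall / (precision + recall)
          if (precision + recall) else 0.0)
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": precision, "recall": recall, "f1": f1}


if __name__ == "__main__":
    for tol in (0, 3):
        print(f"line tolerance {tol}: {score(TOOL_REPORT, GROUND_TRUTH, tol)}")
```

Running the block shows why the matching rule matters as much as the metric: with an exact-line requirement the near miss on `net.c` counts as both a false positive and a false negative, while a tolerance of a few lines turns it into a true positive. Any comparison of tools is only meaningful when all of them are scored under the same matching rule on the same test set.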
In conclusion, the report was discussed and questions were answered.
© All rights reserved. Citation of www.ict.az is required when using this news item.