Evaluating the Cost Reduction of Static Code Analysis for Software Security
Blekinge Institute of Technology, School of Engineering, Department of Systems and Software Engineering
2008 (English)
Conference paper (Refereed), Published
Automated static code analysis is an efficient technique for increasing the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated from failures reported by customers. An average of 17% cost savings would have been possible if the static analysis tool had been used. The tool also had a 30% success rate in detecting the known vulnerabilities and at the same time found 59 new vulnerabilities in the three examined products.
Place, publisher, year, edition, pages
Tucson, Arizona: ACM, 2008.
Keywords: Security, Static code analysis, trouble report, early fault detection, code quality improvement, cost reduction, source code, false positive, Coverity Prevent
Subject areas: Software Engineering; Computer Science
Identifiers
URN: urn:nbn:se:bth-8450
ISI: 000265663900008
Local ID: oai:bth.se:forskinfoFD6DF0504CE32471C12574A900308B93
ISBN: 978-1-59593-936-4
OAI: oai:DiVA.org:bth-8450
DiVA: diva2:836174