Evaluating the Cost Reduction of Static Code Analysis for Software Security
2008 (English) Conference paper (Refereed) Published
Abstract [en]

Automated static code analysis is an efficient technique for increasing the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated from failures reported by customers. An average of 17% cost savings would have been possible if the static analysis tool had been used. The tool also had a 30% success rate in detecting the known vulnerabilities and, at the same time, found 59 new vulnerabilities in the three examined products.

Place, publisher, year, edition, pages
Tucson, Arizona: ACM , 2008.
Keyword [en]
Security, Static code analysis, trouble report, early fault detection, code quality improvement, cost reduction, source code, false positive, Coverity Prevent
National Category
Software Engineering; Computer Science
URN: urn:nbn:se:bth-8450
ISI: 000265663900008
Local ID: 978-1-59593-936-4
OAI: diva2:836174
Available from: 2012-09-18
Created: 2008-08-18
Last updated: 2015-06-30
Bibliographically approved

Open Access in DiVA

Full text: FULLTEXT01.pdf (application/pdf, 418 kB)
By author/editor: Carlsson, Bengt; Lundberg, Lars
