Software Security Analysis: Execution Phase Audit
2005 (English). Conference paper (Refereed). Published.
Abstract [en]

Code revision of a leading telecom product was performed, combining manual audit and static analysis tools. On average, one exploitable vulnerability was found for every 4000 lines of code. Half of the located threats in the product were buffer overflows, followed by race conditions, misplaced trust, and poor random generators. Static analysis tools were used to speed up the revision process and to integrate security tests into the overall project process. The discussion analyses the effectiveness of automatic tools for auditing software. Furthermore, the incorporation of the software security analysis into the development process, and the results and costs of the security analysis, are discussed. Of the initial 42 workdays used for finding all vulnerabilities, approximately 16 days were needed for finding and correcting 91,5 % of the vulnerabilities. So, proportionally small investments improve program code security when an automatic auditing tool is integrated into the ordinary execution of source code revision.

Place, publisher, year, edition, pages
Porto, 2005.
National Category
Computer Science
URN: urn:nbn:se:bth-8677
ISI: 000232368700028
Local ID: diva2:836427
Available from: 2012-09-18. Created: 2008-01-07. Last updated: 2015-06-30. Bibliographically approved.

Open Access in DiVA

Full text: FULLTEXT01.pdf (199 kB, application/pdf)

Author: Carlsson, Bengt
Subject: Computer Science
