SEI Shorts

Automating Alert Handling Reduces Manual Effort

Static analysis (SA) alerts about software code flaws require costly manual effort to validate (i.e., determine whether each alert is True or False) and repair. As a result, organizations often severely limit the types of alerts they manually examine to the types of code flaws they most worry about. That approach results in a tradeoff in which many True flaws may never get fixed. To make alert handling more efficient, the SEI developed and tested novel software that enables the rapid deployment of a method to classify alerts automatically and accurately. We are implementing our solution in a new version of the SEI’s SCALe – the Source Code Analysis Lab – application.