Static analysis (SA) alerts about software code flaws require costly manual effort to validate (e.g., determine True or False) and repair. As a result, organizations often severely limit the types of alerts they manually examine to the types of code flaws they most worry about. That approach results in a tradeoff where many True flaws may never get fixed. To make alert handling more efficient, the SEI developed and tested novel software that enables the rapid deployment of a method to classify alerts automatically and accurately. We are implementing our solution in a new version of the SEI’s SCALe – the Source Code Analysis Lab – application.
정보
- 프로그램
- 발행일2019년 8월 23일 오후 12:43 UTC
- 길이3분
- 등급전체 연령 사용가