Static analysis (SA) alerts about software code flaws require costly manual effort to validate (that is, to determine whether each alert is True or False) and repair. As a result, organizations often severely limit the types of alerts they manually examine to the types of code flaws they most worry about. That approach results in a tradeoff where many True flaws may never get fixed. To make alert handling more efficient, the SEI developed and tested novel software that enables the rapid deployment of a method to classify alerts automatically and accurately. We are implementing our solution in a new version of the SEI’s SCALe – the Source Code Analysis Lab – application.
Information
- Show
- Published: August 23, 2019, 12:43 PM [UTC]
- Length: 3 minutes
- Age rating: Suitable for children