The study evaluates Static Application Security Testing Tools (SASTTs) to set a benchmark for assessing their effectiveness. Findings reveal low Recall but high Precision in SASTTs, with false negatives outnumbering false positives. Multiple SASTTs and alternative techniques like machine learning should complement each other for comprehensive vulnerability identification. Recommendations include using weighted averages, trusting empirical results over documentation claims, and focusing on reducing false negatives in vulnerability detection.
לשפה אחרת
מתוכן המקור
arxiv.org
תובנות מפתח מזוקקות מ:
by Matteo Espos... ב- arxiv.org 03-15-2024
https://arxiv.org/pdf/2403.09219.pdfשאלות מעמיקות