The study evaluates Static Application Security Testing Tools (SASTTs) to set a benchmark for assessing their effectiveness. Findings reveal low Recall but high Precision in SASTTs, with false negatives outnumbering false positives. Multiple SASTTs and alternative techniques like machine learning should complement each other for comprehensive vulnerability identification. Recommendations include using weighted averages, trusting empirical results over documentation claims, and focusing on reducing false negatives in vulnerability detection.
Naar een andere taal
vanuit de broninhoud
arxiv.org
Belangrijkste Inzichten Gedestilleerd Uit
by Matteo Espos... om arxiv.org 03-15-2024
https://arxiv.org/pdf/2403.09219.pdfDiepere vragen