Making Static Code Analysis More Efficient

Authors

  • Pomorova O.V. System Programming Department, Khmelnytskyi National University, Instytutska Str. 11, Khmelnytskyi, 29016, Ukraine
  • Ivanchyshyn D.O System Programming Department, Khmelnytskyi National University, Instytutska Str. 11, Khmelnytskyi, 29016, Ukraine

DOI:

https://doi.org/10.13052/jcsm2245-1439.315

Keywords:

Source code analysis, security, vulnerabilities, weaknesses, static analysis efficiency, efficiency metrics

Abstract

Modern software is a complex high-tech product. Users and customers place a number of requirements on such products, and these requirements depend on the software's purpose. However, reliability, fault tolerance, security and safety requirements are relevant to all software types. One approach to meeting such requirements at the implementation stage of the software life cycle is static source code analysis (SCA). Assessing the efficiency of SCA tools is a pressing problem. This paper presents a method for evaluating the efficiency of static source code analysis of software. It allows the quality and reliability of software in general to be increased. The result of this work is a method for improving efficiency at the debugging stage and an approach for selecting static code analysis tools for software of various types.

Author Biographies

Pomorova O.V., System Programming Department, Khmelnytskyi National University, Instytutska Str. 11, Khmelnytskyi, 29016, Ukraine

Oksana Pomorova. Doctor of Technical Science, Head of the System Programming Department, Full Professor at Khmelnitsky National University (Ukraine). She received the PhD degree at the Kyiv Institute of Automatics (2002) and the degree of Doctor of Technical Science in 2008 at the National University “Lviv Polytechnic” (Ukraine), specialty 05.13.13 - “Computers, Systems and Networks”. IEEE member since 2005. Teaching: Computer Modeling, Technology of Software Design, Artificial Intelligence Systems. Guest lectures: Department of Computer Systems and Networks, Yuriy Fedkovych Chernivtsi National University (Ukraine); Kielce University of Technology (Poland). Research interests: Intelligent Methods and Means of Computer Systems Diagnosing; Quality Assessment of Critical Software; Modeling and Design of Knowledge Bases for Testing and Diagnosing Specialized Computer Systems.

Ivanchyshyn D.O, System Programming Department, Khmelnytskyi National University, Instytutska Str. 11, Khmelnytskyi, 29016, Ukraine

Dmytro Ivanchyshyn. He defended his master's thesis at Khmelnitsky National University. He is now a postgraduate student at the Faculty of Programming, Computer and Telecommunication Systems and works as a teacher trainee in the System Programming Department. His research interests are Software Quality Assurance and Testing, and System Security.

Published

2014-06-05

How to Cite

1.
O.V. P, D.O I. Making Static Code Analysis More Efficient. JCSANDM [Internet]. 2014 Jun. 5 [cited 2024 Apr. 19];3(1):77-88. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/6175
