
On the combination of static analysis for software security assessment – a case study of an open-source e-government project

by Anh Nguyen Duc, et al.

Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development and security assessment poses various technical and managerial challenges. In this work, we report a longitudinal case study of adopting SAST as part of a human-driven security assessment for an open-source e-government project. We describe how SAST tools were selected, evaluated, and combined into a novel approach for software security assessment. The approach was preliminarily evaluated using semi-structured interviews. Our results show that (1) while some SAST tools outperform others, better performance can be achieved by combining more than one SAST tool, and (2) SAST tools should be used with realistic performance expectations and in combination with triangulated approaches for human-driven vulnerability assessment in real-world projects.
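To make finding (1) concrete, the following added example (not code from the paper or the e-government project it studies) merges the output of two SAST tools keyed by file, line and CWE, and measures recall and precision of each tool alone against the union of both. All file paths, line numbers, CWE identifiers and the ground-truth set are constructed for the illustration; the merge key and the agreement-based ranking are assumptions about how a practitioner might combine tools, not the paper's method.

```python
"""Combining findings from several SAST tools (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str
    file: str
    line: int
    cwe: str


def finding_key(f):
    """Normalise a finding so the same issue reported by two tools collapses to one key."""
    return (f.file, f.line, f.cwe)


def merge_findings(*tool_outputs):
    """Union of findings keyed by (file, line, CWE), recording which tools reported each."""
    merged = {}
    for findings in tool_outputs:
        for f in findings:
            merged.setdefault(finding_key(f), set()).add(f.tool)
    return merged


def recall(keys, ground_truth):
    """Fraction of known issues that the given finding keys cover."""
    return len(ground_truth & set(keys)) / len(ground_truth)


def precision(keys, ground_truth):
    """Fraction of reported finding keys that correspond to a known issue."""
    keys = set(keys)
    return len(ground_truth & keys) / len(keys)


def rank_for_triage(merged):
    """Findings agreed on by more tools come first; ties broken by location."""
    return sorted(merged, key=lambda k: (-len(merged[k]), k))


# Constructed ground truth: issues confirmed by a human review (hypothetical).
GROUND_TRUTH = {
    ("app/login.py", 42, "CWE-89"),
    ("app/upload.py", 77, "CWE-22"),
    ("app/views.py", 15, "CWE-79"),
    ("app/crypto.py", 9, "CWE-327"),
}

# Constructed outputs of two hypothetical tools; neither sees everything.
TOOL_A = [
    Finding("tool_a", "app/login.py", 42, "CWE-89"),
    Finding("tool_a", "app/views.py", 15, "CWE-79"),
    Finding("tool_a", "app/views.py", 200, "CWE-79"),  # false positive
]
TOOL_B = [
    Finding("tool_b", "app/login.py", 42, "CWE-89"),
    Finding("tool_b", "app/upload.py", 77, "CWE-22"),
]


def evaluate():
    """Compare each tool alone with the combined, de-duplicated result."""
    merged = merge_findings(TOOL_A, TOOL_B)
    return {
        "tool_a": (recall(map(finding_key, TOOL_A), GROUND_TRUTH),
                   precision(map(finding_key, TOOL_A), GROUND_TRUTH)),
        "tool_b": (recall(map(finding_key, TOOL_B), GROUND_TRUTH),
                   precision(map(finding_key, TOOL_B), GROUND_TRUTH)),
        "combined": (recall(merged, GROUND_TRUTH), precision(merged, GROUND_TRUTH)),
        "triage_order": rank_for_triage(merged),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value}")
```

The union raises recall from 0.5 for either tool to 0.75, at the cost of inheriting tool_a's false positive; the agreement count gives the human reviewer a natural place to start, which is the kind of triangulation finding (2) calls for.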
