On the combination of static analysis for software security assessment – a case study of an open-source e-government project

03/14/2021
by Anh Nguyen Duc, et al.

Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development and security assessment poses various technical and managerial challenges. In this work, we report a longitudinal case study of adopting SAST as part of a human-driven security assessment for an open-source e-government project. We describe how SAST tools were selected, evaluated, and combined into a novel approach for software security assessment. The approach was preliminarily evaluated using semi-structured interviews. Our results show that (1) while some SAST tools outperform others, it is possible to achieve better performance by combining more than one SAST tool, and (2) SAST tools should be used with realistic performance expectations and in combination with triangulated approaches for human-driven vulnerability assessment in real-world projects.
