Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe

Abstract

This report summarizes technical progress and plans for developing a system to perform automated classification and advanced prioritization of static analysis alerts. Many features and fields have been added to the SEI's SCALe static analysis alert auditing tool for this. This report describes the new features and fields. It also describes the plan to connect this enhanced version of SCALe to an architecture that will provide classification and prioritization via API calls, and provides the API definition that has been developed. A prototype instantiating the architecture is being developed, and future work will complete the prototype and then integrate the latest version of SCALe with it.

Document Details

Document Type
Technical Report
Publication Date
May 01, 2019
Accession Number
AD1084073

Entities

People

  • David Svoboda
  • Derek Leung
  • Ebonie Mcneil
  • Jiyeon Lee
  • Lori A. Flynn
  • Zachary Kurtz

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Auditing
  • Business Administration
  • Classification
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Databases
  • Engineering
  • Graphical User Interface
  • Literature Surveys
  • Models
  • Prototypes
  • Risk
  • Software Assurance
  • Software Development
  • Standards
  • User Interface

Fields of Study

  • Computer science

Readers

  • Business Analytics
  • Logistics and Supply Chain Management
  • Software Engineering