Predicting Attack-prone Components with Source Code Static Analyzers

Abstract

No single vulnerability detection technique can identify all vulnerabilities in a software system. However, the vulnerabilities that are identified by a detection technique may be predictive of the residuals. We focus on creating and evaluating statistical models that predict the components that contain the highest-risk residual vulnerabilities.

Document Details

Document Type: Technical Report
Publication Date: May 01, 2009
Accession Number: ADA633622

Entities

People

  • Michael C. Gegick

Organizations

  • North Carolina State University

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Accuracy
  • C Programming Language
  • Case Studies
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cost Analysis
  • Couplings
  • Predictive Modeling
  • Reliability
  • Risk
  • Risk Analysis
  • Risk Management
  • Software Development
  • Statistical Analysis
  • Statistical Sampling

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Cybersecurity