THE EXPERIENCE OF COMPARISON OF STATIC SECURITY CODE ANALYZERS

Alexey Markov; Andrew Fadin; Vladislav Shvets; Valentin Tsirlov

International Journal of Advanced Studies (Sep 2015)

THE EXPERIENCE OF COMPARISON OF STATIC SECURITY CODE ANALYZERS

Alexey Markov,
Andrew Fadin,
Vladislav Shvets,
Valentin Tsirlov

Affiliations

Alexey Markov: NPO Echelon
Andrew Fadin: NPO Echelon
Vladislav Shvets: NPO Echelon
Valentin Tsirlov: NPO Echelon

Journal volume & issue: Vol. 5, no. 3
pp. 55 – 63

Abstract

Read online

This work presents a methodological approach to comparison of static security code analyzers. It substantiates the comparison of the static analyzers as to efficiency and functionality indicators, which are stipulated in the international regulatory documents. The test data for assessment of static analyzers efficiency is represented by synthetic sets of open-source software, which contain vulnerabilities. We substantiated certain criteria for quality assessment of the static security code analyzers subject to standards NIST SP 500-268 and SATEC. We carried out experiments that allowed us to assess a number of the Russian proprietary software tools and open-source tools. We came to the conclusion that it is of paramount importance to develop Russian regulatory framework for testing software security (firstly, for controlling undocumented features) and evaluating the quality of static security code analyzers.

Published in International Journal of Advanced Studies

ISSN: 2328-1391 (Print); 2227-930X (Online)
Publisher: Science and Innovation Center Publishing House
Country of publisher: Russian Federation
LCC subjects: Social Sciences: Industries. Land use. Labor: Special industries and trades: Construction industry
Website: http://ijournal-as.com/

About the journal

Abstract

Keywords