Report on the Static Analysis Tool Exposition (SATE) IV

Authors: Vadim Okun, Aurelien Delaitre, Paul E. Black

DOI: 10.6028/NIST.SP.500-297

Keywords: Static program analysis; Software security assurance; Systems engineering; Vulnerability (computing); Static analysis; Engineering; Security analysis; Exposition (narrative)

Abstract:

References (9)
K. Tsipenyuk, B. Chess, G. McGraw. Seven pernicious kingdoms: a taxonomy of software security errors. IEEE Symposium on Security and Privacy, vol. 3, pp. 81-84 (2005). 10.1109/MSP.2005.159
J. Zheng, L. Williams, N. Nagappan, W. Snipes, J.P. Hudepohl, M.A. Vouk. On the value of static analysis for fault detection in software. IEEE Transactions on Software Engineering, vol. 32, pp. 240-253 (2006). 10.1109/TSE.2006.38
Martin Johns, Moritz Jodeit. Scanstud: A Methodology for Systematic, Fine-Grained Evaluation of Static Analysis Tools. International Conference on Software Testing Verification and Validation Workshops, pp. 523-530 (2011). 10.1109/ICSTW.2011.32
Misha Zitser, Richard Lippmann, Tim Leek. Testing static analysis tools using exploitable buffer overflows from open source code. Foundations of Software Engineering, vol. 29, pp. 97-106 (2004). 10.1145/1029894.1029911
James A. Kupsch, Barton P. Miller. Manual vs. Automated Vulnerability Assessment: A Case Study (2009).
Vadim Okun, Aurelien Delaitre, Paul E Black. The second static analysis tool exposition (SATE) 2009. Special Publication (NIST SP) - 500-287 (2010). 10.6028/NIST.SP.500-287
Paul E Black, Michael Kass, Michael Koo, Elizabeth Fong. Source code security analysis tool functional specification version 1.1. National Institute of Standards and Technology (2011). 10.6028/NIST.SP.500-268V1.1