Automated Repair of Static Analysis Alerts
Software Engineering Institute (SEI) Podcast Series www.sei.cmu.edu
Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Redemption, a new open source tool from the SEI that automatically repairs common errors in C/C++ code reported by static analysis alerts, making code safer and static analysis less overwhelming.