"False negative -- that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing. (arXiv:2307.16325v2 [cs.CR] UPDATED)
cs.CR updates on arXiv.org arxiv.org
The demand for automated security analysis techniques, such as static
analysis based security testing (SAST) tools, continues to increase. To develop
SASTs that are effectively leveraged by developers for finding vulnerabilities,
researchers and tool designers must understand how developers perceive, select,
and use SASTs, what they expect from the tools, whether they know of the
limitations of the tools, and how they address those limitations. This paper
describes a qualitative study that explores the assumptions, expectations,
beliefs, and challenges experienced …