"False negative -- that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing. (arXiv:2307.16325v2 [cs.CR] UPDATED) | allinfosecnews.com

Aug. 3, 2023, 1:10 a.m. | Amit Seal Ami, Kevin Moran, Denys Poshyvanyk, Adwait Nadkarni

cs.CR updates on arXiv.org arxiv.org

The demand for automated security analysis techniques, such as static
analysis based security testing (SAST) tools continues to increase. To develop
SASTs that are effectively leveraged by developers for finding vulnerabilities,
researchers and tool designers must understand how developers perceive, select,
and use SASTs, what they expect from the tools, whether they know of the
limitations of the tools, and how they address those limitations. This paper
describes a qualitative study that explores the assumptions, expectations,
beliefs, and challenges experienced …

analysis automated demand designers developers effectively industry kill perspectives researchers sast security security analysis security testing static analysis techniques testing tool tools understand understanding vulnerabilities

More from arxiv.org / cs.CR updates on arXiv.org

Differentially private Bayesian tests 1 day, 1 hour ago | arxiv.org

arxiv confidential cornerstone cs.cr +16

On the Learnability of Watermarks for Language Models 1 day, 1 hour ago | arxiv.org

arxiv ask can cs.cl +12

Intriguing Properties of Diffusion Models: An Empirical Study of the Natural Attack Capability in Text-to-Image … 1 day, 1 hour ago | arxiv.org

applications arxiv attack cs.cr +14

On the Reliability of Watermarks for Large Language Models 1 day, 1 hour ago | arxiv.org

arxiv bots cs.cl cs.cr +23

A Watermark for Large Language Models 1 day, 1 hour ago | arxiv.org

arxiv can cs.cl cs.cr +13

Asymmetric Distributed Trust 1 day, 1 hour ago | arxiv.org

abstraction algorithms arxiv can +12

Read Disturbance in High Bandwidth Memory: A Detailed Experimental Study on HBM2 DRAM Chips 1 day, 1 hour ago | arxiv.org

arxiv bandwidth chips cs.ar +5

ABACuS: All-Bank Activation Counters for Scalable and Low Overhead RowHammer Mitigation 1 day, 1 hour ago | arxiv.org

access address area arxiv +17

A Case Study of Large Language Models (ChatGPT and CodeBERT) for Security-Oriented Code Analysis 1 day, 1 hour ago | arxiv.org

analysis arxiv can capabilities +17

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164

View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057

View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States

View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA

View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172

View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote

View on infosec-jobs.com