all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SASTs are... bad?

Add to bookmarks
April 6, 2024, 12:19 a.m. | /u/kannthu

cybersecurity www.reddit.com

SASTs just suck, but how much? ...and why they suck?

I recently came across study ([https://sen-chen.github.io/img\_cs/pdf/fse2023-sast.pdf](https://sen-chen.github.io/img_cs/pdf/fse2023-sast.pdf)) that evaluates top SASTs like CodeQL, Semgrep, and SonarQube. This study evaluates 7 tools against dataset of real-world vulnerabilities (code snippets from CVEs, not a dummy vulnerable code) and mesures false positive and negative rate.

... and to no surprise the SASTs detected only 12,7% of all security issues. Researchers also combined results of all 7 tools and the detection rate was 30%.

Why …

bad can cybersecurity detection rate real researchers results security security issues surprise tools world

Visit resource

More from www.reddit.com / cybersecurity

Hackers of all kinds are attacking routers across the world | TechRadar 2 hours ago | www.reddit.com
cybersecurity hackers routers world
🤣 Ivanti is hiring an Offensive Security Engineer 3 hours ago | www.reddit.com
assessment cybersecurity old team +3
Migrating to Australia as a cybersecurity consultant 5 hours ago | www.reddit.com
australia clients consultant cybersecurity +11
Why is an entry level job so hard to get? 7 hours ago | www.reddit.com
automatic cybersecurity don down +7
REvil hacker behind Kaseya ransomware attack gets 13 years in prison 9 hours ago | www.reddit.com
cybersecurity
Veza releases the "State of Access" report based on 1.2B permissions 9 hours ago | www.reddit.com
access cybersecurity permissions releases +3
From S3 bucket to internal network operation 10 hours ago | www.reddit.com
cybersecurity internal internal network network +1
Investigating Microsoft Graph Activity Logs 10 hours ago | www.reddit.com
cybersecurity graph logs microsoft
Too much? 11 hours ago | www.reddit.com
clients control cybersecurity deploy +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Information Security Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Principal Security Researcher (Advanced Threat Prevention)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

EWT Infosec | IAM Technical Security Consultant - Manager

@ KPMG India | Bengaluru, Karnataka, India
View on infosec-jobs.com

Security Engineering Operations Manager

@ Gusto | San Francisco, CA; Denver, CO; Remote
View on infosec-jobs.com

Network Threat Detection Engineer

@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC
View on infosec-jobs.com
View more jobs