
Sign up to save your podcasts
Or
Static analysis tools used to identify potential vulnerabilities in source code produce a large number of alerts with high false-positive rates that engineers must painstakingly examine to find legitimate flaws. Researchers in the SEI’s CERT Division have developed the SCALe (Source Code Analysis Laboratory) tool to help analysts be more efficient and effective at auditing static analysis alerts. In this podcast, CERT researchers Lori Flynn and Zach Kurtz discuss ongoing research using test suites as a source of labeled training data to create classifiers for static analysis alerts.
4.5
1818 ratings
Static analysis tools used to identify potential vulnerabilities in source code produce a large number of alerts with high false-positive rates that engineers must painstakingly examine to find legitimate flaws. Researchers in the SEI’s CERT Division have developed the SCALe (Source Code Analysis Laboratory) tool to help analysts be more efficient and effective at auditing static analysis alerts. In this podcast, CERT researchers Lori Flynn and Zach Kurtz discuss ongoing research using test suites as a source of labeled training data to create classifiers for static analysis alerts.
272 Listeners
1,828 Listeners
361 Listeners
627 Listeners
0 Listeners
623 Listeners
269 Listeners
202 Listeners
7,878 Listeners
167 Listeners
187 Listeners
0 Listeners
127 Listeners
33 Listeners
47 Listeners
458 Listeners
86 Listeners