文章基本信息

标题：Detecting False Negatives in Static Analysis Tools Using Test Code Mutants
本地全文：下载
作者：Hyun Woo Park ; Tae-Hyoung Choi ; Kyoung-Goo Doh 等
期刊名称：Journal of Security Engineering
印刷版ISSN：1738-7531
出版年度：2017
卷号：14
期号：2
页码：77-90
出版社：SERSC
摘要：Modern Software is often exposed to security accidents primarily due to malicious hackings takingadvantage of defects and vulnerabilities residing in source code. Recent technological advance andcommercial success of static-analysis tools have made it possible for software developers to use the toolsand detect safety defects and security vulnerabilities before release. Despite the advantages of static codeanalysis, the developers tend to avoid using it because of the immoderate false negatives and positives. Inthis paper, we propose an effective method of automatically generating test codes for static-analysis toolsbased on mutation testing techniques. In fact, several false-negatives of commercially released a staticanalysis tool were found by this method.
关键词：Static analysis; Test-case generation; Mutation testing; Secure coding