Benchmarking the vulnerability detection capabilities of software analysis tools

Elena Baninemeh, Slinger Jansen

Research output: Contribution to journal › Conference article › Academic › peer-review

Abstract

Code cloning and copy-pasting code fragments are common practice in software engineering. If security vulnerabilities exist in a cloned code segment, those vulnerabilities may spread in the related software, potentially leading to security incidents. Code similarity is one effective approach to detect vulnerabilities hidden in software projects. However, due to the complexity, size, and diversity of source code, current methods suffer from low accuracy and poor performance. Moreover, most existing clone detection techniques focus on a limited set of programming languages in the detection process. We propose to solve these problems using SearchSECO, a software analysis tool that detects vulnerabilities in multiple programming languages.

Original language: English
Number of pages: 7
Journal: CEUR Workshop Proceedings
Volume: 3245
Publication status: Published - 2022
Event: 21st Belgium-Netherlands Software Evolution Workshop, BENEVOL 2022 - Mons, Belgium
Duration: 12 Sept 2022 to 13 Sept 2022

Keywords

  • code clone detection
  • open-source software
  • software security
  • Software vulnerability
