TY - JOUR
T1 - Benchmarking the vulnerability detection capabilities of software analysis tools
AU - Baninemeh, Elena
AU - Jansen, Slinger
N1 - Publisher Copyright:
© 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)
PY - 2022
Y1 - 2022
N2 - Code cloning and copy-pasting code fragments is common practice in software engineering. If security vulnerabilities exist in a cloned code segment, those vulnerabilities may spread in the related software, potentially leading to security incidents. Code similarity is one effective approach to detect vulnerabilities hidden in software projects. However, due to the complexity, size, and diversity of source code, current methods suffer from low accuracy and poor performance. Moreover, most existing clone detection techniques focus on a limited set of programming languages in the detection process. We propose to solve these problems using SearchSECO, a software analysis tool that detects vulnerabilities in multiple programming languages.
AB - Code cloning and copy-pasting code fragments is common practice in software engineering. If security vulnerabilities exist in a cloned code segment, those vulnerabilities may spread in the related software, potentially leading to security incidents. Code similarity is one effective approach to detect vulnerabilities hidden in software projects. However, due to the complexity, size, and diversity of source code, current methods suffer from low accuracy and poor performance. Moreover, most existing clone detection techniques focus on a limited set of programming languages in the detection process. We propose to solve these problems using SearchSECO, a software analysis tool that detects vulnerabilities in multiple programming languages.
KW - code clone detection
KW - open-source software
KW - software security
KW - Software vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85140883877&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:85140883877
SN - 1613-0073
VL - 3245
JO - CEUR Workshop Proceedings
JF - CEUR Workshop Proceedings
T2 - 21st Belgium-Netherlands Software Evolution Workshop, BENEVOL 2022
Y2 - 12 September 2022 through 13 September 2022
ER -