Research area: Verification
Conference: 2023 9th International Conference on Computer and Communications (ICCC)
The increasing complexity and mass production of software have made manual security testing unfeasible. Although numerous automated security testing tools exist, their adoption and recognition are controversial. This paper presents the state of the art of existing security testing tools and techniques, identifying their limitations and exploring their untapped potential. Furthermore, we delve into the future trajectory of security testing tools, discussing emerging trends and opportunities. We introduce SATriage, a novel tool under development, and detail its unique approach to static analysis for better vulnerability detection. SATriage leverages innovative weighting algorithms and defect relationship data to effectively reduce false positives, accurately identify high-risk software defects, and prioritize security concerns based on user preference. This platform brings a distinct shift from possibility to probability, ranking defects based on the likelihood of severe consequences, thereby offering developers more granular and actionable insights. Our discussion provides valuable insights for researchers and practitioners in software security.
| Publication year | 2023 |
|---|---|
| Citations | 85 |
| Country of publication | United States |
| Site | IEEE |
| Likes | 0 |