{"id":661,"date":"2021-08-27T09:08:01","date_gmt":"2021-08-27T09:08:01","guid":{"rendered":"https:\/\/metrics.blogg.gu.se\/?p=661"},"modified":"2021-07-10T09:19:26","modified_gmt":"2021-07-10T09:19:26","slug":"comparing-different-security-vulnerability-detection-techniques-article-review","status":"publish","type":"post","link":"https:\/\/metrics.blogg.gu.se\/?p=661","title":{"rendered":"Comparing different security vulnerability detection techniques (article review)"},"content":{"rendered":"\n
\"\"
Image by Reimund Bertrams<\/a> from Pixabay<\/a><\/figcaption><\/figure>\n\n\n\n

An Empirical Study of Rule-Based and Learning-Based Approaches for Static Application Security Testing (arxiv.org)<\/a><\/p>\n\n\n\n

In the recent weeks I’ve turned into a specific part of my work, i.e. security vulnerability detection. In many areas, working with security has focused on the entire chain. And that’s a good thing – we need to understand when and where we have a vulnerability. However, that’s not what I can help with, which has never really stopped me before. <\/p>\n\n\n\n

So, I was looking for more programmatic view on security. To be more exact, I wonted to know what we, as software engineers, need to focus on when it comes to cyber security. We can, naturally, measure it, but that’s probably not the only thing. We can analyze libraries from OSS communities to find which ones could be exploited. We can even program in a specific way to minimize the risk of the exploitation. <\/p>\n\n\n\n

In this paper, the authors compare two different techniques for software vulnerability prediction – static software analysis and vulnerability prediction models. They have identified 12 different findings, of which the following are the most interesting ones:<\/p>\n\n\n\n