Svoboda_automated.repair.static.analysis.alerts_2024.06.05.pdf (276.85 kB)

Automated Repair of Static Analysis Alerts

media

posted on 2024-06-05, 16:57 authored by David SvobodaDavid Svoboda

Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast, David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Redemption, a new open source tool from the SEI that automatically repairs common errors in C/C++ code generated from static analysis alerts, making code safer and static analysis less overwhelming.

History

Publisher Statement

DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.

Copyright Statement

Audiovisual published 2024 via Software Engineering Institute, Carnegie Mellon University

Usage metrics

Keywords

secure coding software development static analysis testing podcast

Licence

In Copyright

Exports

RefWorks

BibTeX

Ref. manager

Endnote

DataCite

NLM

DC