Supply chain risk management - Understanding vulnerabilities in code you buy, build, or integrate
Author: P. Croll
Published in: 2011 IEEE International Systems Conference, 2011-04-04
DOI: 10.1109/SYSCON.2011.5929123 (https://doi.org/10.1109/SYSCON.2011.5929123)
Citation count (Semantic Scholar): 4

Abstract: This paper describes the scope of the problem regarding software vulnerabilities and the current state of the practice in static code analysis for software assurance. Recommendations are made regarding the use of static analysis methods and tools during the software life cycle. Static code analysis touch points during life cycle reviews and challenges to automated static code analysis are also discussed.