search menu icon-carat-right cmu-wordmark

Prioritizing Alerts from Static Analysis with Classification Models

November 2016 Presentation
Lori Flynn

In this presentation, Lori Flynn describes work toward an automated and accurate statistical classifier, intended to efficiently use analyst effort and to remove code flaws.

Publisher:

Software Engineering Institute

Abstract

The project created alert classification models using features derived from multiple static analysis tools, code base metrics, and archived audit determinations. The results are accurate predictors of alert validity, intended for use in automatic prioritization of alerts from static analysis tools that minimizes the number of alerts needing human assessment.