Software Engineering Institute | Carnegie Mellon University

Presentation

Hands-On Tutorial: Auditing Static Analysis Alerts Using a Lexicon and Rules

  • Abstract

    In this tutorial, given at the 2017 IEEE Secure Development Conference, SEI researchers describe auditing rules and a lexicon that the SEI developed so audit determinations are made consistently, even in corner cases they identify. The slides show real open-source code examples (and alerts from open-source static analysis tools) for participants and readers to make their own auditing determinations and check against the SEI’s determinations using the rules.

    During the tutorial, participants worked hands-on to make their auditing determinations, some using virtual machines distributed by the tutorial leaders and others using printouts.
     
