A Synopsis Of Static Analysis Alerts On Open Source Software


Static application security testing (SAST) tools detect potential code defects, reported as alerts, without executing the code. SAST tools are now widely used in practice in both commercial and open source software (OSS) development. Prior work found that half of the state-of-the-art OSS projects studied had already adopted automated static analysis [1]. However, little public information is available regarding the actionability of SAST alerts, that is, whether developers consider an alert important enough to act upon.


Nasif Imtiaz is a second year Ph.D. student at North Carolina State University. His research interests are in software engineering, software security, and human-computer interaction. In his first year of grad school, he studied developer interaction on GitHub to measure the possible effects of gender bias in open source software development. Nasif is currently working under the supervision of Dr. Laurie Williams with a research focus on how to improve the usability of static application security testing (SAST) tools within the context of continuous integration.

Creative Commons 2.5
