Why Is Static Application Security Testing Hard to Learn?
Why Is Static Application Security Testing Hard to Learn?
Padmanabhan Krishnan, Cristina Cifuentes, Li Li, Tegawende Bissyande, Jacques Klein
06 September 2023
In this article, we summarize our experience in combining program analysis with machine learning (ML) to develop a technique that can improve the development of specific program analyses. Our experience is negative. We describe the areas that need to be addressed if ML techniques are to be useful in the program analysis context. Most of the issues that we report are different from the ones that discuss the state of the art in the use of ML techniques to detect security vulnerabilities.
Venue : IEEE Security and Privacy, Volume 21, Issue 5
File Name : Why_Is_Static_Application_Security_Testing_Hard_to_Learn.pdf