Role of Program Analysis in Security Vulnerability Detection: Then and Now

Cristina Cifuentes, Francois Gauthier, Behnaz Hassanshahi, Padmanabhan Krishnan, Davin McCall

31 October 2023

Program analysis techniques play an important role in detecting security vulnerabilities. In this paper we describe our experiences in developing such tools that can be used in an industrial setting. The main driving forces for adoption are low false positive rate, ease of integration in the developer's workflow and results that are easy to understand. We also show how program analysis tools had to evolve with the evolving needs of the organisation. We conclude with our vision on how program analysis tools will be melded with DevSecOps.

Venue: A special issue of Computers & Security journal edited by Elsevier

File Name: AcceptedVersion.pdf

File Name: paper.pdf