Solution-centric reporting of security warnings

Solution-centric reporting of security warnings

A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described her...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Tripp Omer, Peyton, Jr. John Thomas, Teilhet Stephen Darwin, Duer Kristofer Alyn
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.