| 发明名称 |
After-The-Fact Configuration Of Static Analysis Tools Able To Reduce User Burden |
| 摘要 |
A method includes mapping, based on a first mapping from possible security findings to possible configuration-related sources of imprecision, actual security findings from a static analysis of a program to corresponding configuration-related sources of imprecision, the mapping of the actual security findings creating a second mapping. A user is requested to configure selected ones of the configuration-related sources of imprecision from the second mapping. Responsive to a user updating configuration corresponding to the selected ones of the configuration-related sources of imprecision, security analysis results are updated for the static analysis of the program at least by determining whether one or more security findings from the security analysis results are no longer considered to be vulnerable based on the updated configuration by the user. The updated security analysis results are output. Apparatus and program products are also disclosed. |
| 申请公布号 |
US2014373159(A1) |
申请公布日期 |
2014.12.18 |
| 申请号 |
US201314024761 |
申请日期 |
2013.09.12 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Guarnieri Salvatore A.;Pistoia Marco;Tripp Omer |
| 分类号 |
G06F21/57 |
主分类号 |
G06F21/57 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. An apparatus, comprising:
one or more memories comprising computer-readable code; one or more processors, wherein the one or more processors are configured, in response to execution of the computer-readable code, to cause the apparatus to perform the following: mapping, based on a first mapping from possible security findings to possible configuration-related sources of imprecision, actual security findings from a static analysis of a program to corresponding configuration-related sources of imprecision, the mapping of the actual security findings creating a second mapping; requesting a user configure selected ones of the configuration-related sources of imprecision from the second mapping; responsive to a user updating configuration corresponding to the selected ones of the configuration-related sources of imprecision, updating security analysis results for the static analysis of the program at least by determining whether one or more security findings from the security analysis results are no longer considered to be vulnerable based on the updated configuration by the user; and outputting the updated security analysis results. |
| 地址 |
Armonk NY US |
