AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Friday, January 24 • 2:10pm - 3:00pm
Choosing the right static code analyzers based on hard data

Published research shows that static code analysis cost-effectively catches security weaknesses before they become exploitable vulnerabilities. But finding the right code analyzers can be challenging.

This talk will discuss research funded by the U.S. Department of Homeland Security to deliver unbiased methods and information to assess and compare the performance of static analyzer products.

In this talk we introduce a new, freely available website that presents the results of our research. We will discuss plans to track the types of weaknesses that analyzers can detect, to help people quickly find the right analyzer, and how to achieve good detection coverage of multiple weaknesses.

We’ll discuss the properties of analyzers important to consider when bringing one (or a few!) into your development pipeline. We’ll also cover plans to benchmark results quality using real code, not artificial data sets. Finally, we’re looking forward to audience feedback on what information or capabilities are important.

Chris Horn

Senior Researcher, Secure Decisions
Chris Horn is a Senior Researcher at Secure Decisions, an R&D division of Applied Visions, Inc. He has 18 years of experience in research, software systems, and new product development. Currently, he leads cybersecurity research & development projects and focuses on developing technology...

Friday January 24, 2020 2:10pm - 3:00pm PST
Terrace Lounge