TY - GEN
T1 - Visual analysis of code security
AU - Goodall, John R.
AU - Radwan, Hassan
AU - Halseth, Lenny
PY - 2010
Y1 - 2010
N2 - To help increase the confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but the individual tools catch different vulnerabilities and produce voluminous data with many false positives. This paper describes a system that brings together the results of disparate software analysis tools into a visual environment to support the triage and exploration of code vulnerabilities. Our system allows software developers to explore vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. By correlating and normalizing multiple software analysis tools' data, the overall vulnerability detection coverage of software is increased. A visual overview and powerful interaction allow the user to focus attention on the most pressing vulnerabilities within huge volumes of data, and streamline the secure software development workflow through integration with development tools.
KW - data fusion
KW - security visualization
KW - software analysis
KW - software assurance
KW - software visualization
UR - http://www.scopus.com/inward/record.url?scp=78149416940&partnerID=8YFLogxK
U2 - 10.1145/1850795.1850800
DO - 10.1145/1850795.1850800
M3 - Conference contribution
AN - SCOPUS:78149416940
SN - 9781450300131
T3 - ACM International Conference Proceeding Series
SP - 46
EP - 51
BT - VizSec 2010 - Proceedings of the 7th International Symposium on Visualization for Cyber Security
PB - Association for Computing Machinery
T2 - 7th International Symposium on Visualization for Cyber Security, VizSec 2010
Y2 - 14 September 2010 through 14 September 2010
ER -