Visual analysis of code security
Conference
·
OSTI ID:986845
- ORNL
- Applied Visions, Inc.
To help increase the confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but the individual tools catch different vulnerabilities and produce voluminous data with many false positives. This paper describes a system that brings together the results of disparate software analysis tools into a visual environment to support the triage and exploration of code vulnerabilities. Our system allows software developers to explore vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. By correlating and normalizing multiple software analysis tools' data, the overall vulnerability detection coverage of software is increased. A visual overview and powerful interaction allows the user to focus attention on the most pressing vulnerabilities within huge volumes of data, and streamlines the secure software development workflow through integration with development tools.
- Research Organization:
- Oak Ridge National Laboratory (ORNL)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-00OR22725
- OSTI ID:
- 986845
- Country of Publication:
- United States
- Language:
- English
Similar Records
Introducing NOODLES: Collaborative Visualization in a Flavorful Package
NV: Nessus Vulnerability Visualization for the Web
A Review of Visualization Methods for Cyber-Physical Security: Smart Grid Case Study
Conference
·
Sun Apr 21 20:00:00 EDT 2024
·
OSTI ID:2341526
NV: Nessus Vulnerability Visualization for the Web
Conference
·
Sat Dec 31 23:00:00 EST 2011
·
OSTI ID:1056389
A Review of Visualization Methods for Cyber-Physical Security: Smart Grid Case Study
Journal Article
·
Tue Jun 13 20:00:00 EDT 2023
· IEEE Access
·
OSTI ID:1985176