Performance Comparison and Analysis of Static Analysis Tools: Based on Vulnerability Analysis of Open Sources


Vol. 47, No. 4, pp. 679-689, Apr. 2022
10.7840/kics.2022.47.4.679


Abstract

With many open sources being released worldwide, vulnerabilities may be latent in individually written source code. In this paper, we analyzed and compared the performance of Cppcheck, Yasca, and Flawfinder, which are static analysis tools for detecting vulnerabilities, based on the vulnerabilities they detected in open sources. For this purpose, each tool was run against sample source code containing known vulnerabilities and against real open sources containing encryption functions, and the detected vulnerability results were compared. Analyzing detection performance by the number and accuracy of detected source codes, Flawfinder had the highest performance, Yasca was next, and Cppcheck had the lowest performance. Nevertheless, the CWEs detected by each tool do not overlap and differ from one another, and we consider it a limitation that it is difficult to quantitatively evaluate the detection accuracy for the published CWEs and to verify the detected vulnerabilities by dynamic analysis using an analysis of the detected CWE results.


Cite this article

[IEEE Style]

J. Jeong, J. Lee, K. Lee, "Performance Comparison and Analysis of Static Analysis Tools: Based on Vulnerability Analysis of Open Sources," The Journal of Korean Institute of Communications and Information Sciences, vol. 47, no. 4, pp. 679-689, 2022. DOI: 10.7840/kics.2022.47.4.679.

[ACM Style]

Jiin Jeong, Jaehyuk Lee, and Kyungroul Lee. 2022. Performance Comparison and Analysis of Static Analysis Tools: Based on Vulnerability Analysis of Open Sources. The Journal of Korean Institute of Communications and Information Sciences, 47, 4, (2022), 679-689. DOI: 10.7840/kics.2022.47.4.679.

[KICS Style]

Jiin Jeong, Jaehyuk Lee, Kyungroul Lee, "Performance Comparison and Analysis of Static Analysis Tools: Based on Vulnerability Analysis of Open Sources," The Journal of Korean Institute of Communications and Information Sciences, vol. 47, no. 4, pp. 679-689, 4. 2022. (https://doi.org/10.7840/kics.2022.47.4.679)