Source Code Review Using Static Analysis Tools
- 1. CERN openlab Summer Student
- 2. Summer Student Supervisor
Description
Abstract
Many teams at CERN develop their own software to solve their tasks. This
software may be public or it may be used for internal purposes. It is of major
importance for developers to know that their software is secure. Humans are able
to detect bugs and vulnerabilities, but it is impossible to discover everything when
they need to read hundreds of lines of code. As a result, computer scientists have
developed tools that efficiently complete, within minutes, the task of analysing
source code and finding critical bugs and vulnerabilities. These tools are called
static analysis tools, and they are able to find and analyse defects and suggest solutions to the
programmer in the early stages of development.
The goal of this project is to evaluate and compare as many static analysis tools
as possible (both freeware and commercial) according to metrics decided by the
CERN Security Team. The final result should be not only a selection of tools per
language that software developers should use, but also an automated way to run
them and get useful reports that will help developers write better software.
Files
SummerStudentReport-StavrosMoiras.pdf (1.1 MB, md5:7d7c9ae66dd88a9b9b561055b4fa773d)