What are the critical security flaws in my system?

Author: Viktória Fördős
Year of publication: 2021
Subject:
Source: Erlang Workshop
DOI: 10.1145/3471871.3472965
Description: Delivering secure software is a challenge that every software engineering team needs to face and solve. Methods based on static analysis can help programmers identify security risks in their software. Security checkers built on static analysis methods are a great help, but they can overload users with their findings. Today there is no security checker for Erlang that understands the severity of a found vulnerability and uses that information to prioritise the findings when presenting results to programmers. In this paper we discuss how to prioritise vulnerabilities in Erlang programs. We propose a static analysis that determines the severity of a vulnerability. Building on top of our previous work, we extend the trust zone analyser algorithm with the proposed analysis so that it returns prioritised results to programmers. Our early evaluation shows that the trust zone analyser is able to identify and prioritise the most critical security flaws in an Erlang system.
Database: OpenAIRE