
The award was made during the International Working Conference on Source Code Analysis & Manipulation (SCAM). The paper was chosen after rounds of review and voting among program committee members. It describes Bug-Injector, a system designed to automatically create benchmarks for customised evaluation of static analysis tools.
Bug-Injector inserts bugs based on bug templates into host programs. It then runs tests on the host program to collect dynamic traces, searches the traces for a point where the state satisfies the preconditions for some bug template, then modifies the host program to “inject” a bug based on that template. Injected bugs were used as test cases to build a static analysis tool evaluation benchmark. Bug-Injector pairs every injected bug with the program input that exercises that bug.
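The trace, search and inject steps described above, as an added toy example in Python (not Bug-Injector's code and not taken from the paper). The host function, the out-of-bounds template and the test inputs are constructed for illustration, and `sys.settrace` stands in for the dynamic tracing.

```python
import sys, textwrap

# Constructed host program and test inputs (hypothetical, not from the paper).
HOST_SRC = textwrap.dedent("""\
    def host(data):
        buf = [0] * 4
        n = len(data)
        total = sum(data)
        return total
""")
TESTS = [[1, 2], [1, 2, 3, 4, 5]]

# Hypothetical bug template: a precondition over traced state plus the statement to insert.
TEMPLATE = {
    "pre": lambda s: isinstance(s.get("buf"), list) and isinstance(s.get("n"), int)
                     and s["n"] >= len(s["buf"]),
    "inject": "buf[n] = 1  # INJECTED: write past the end of buf",
}

def load(src):
    ns = {}
    exec(compile(src, "<host>", "exec"), ns)
    return ns["host"]

def collect_trace(func, arg):
    """Run func(arg), recording (line number, locals) before each executed line."""
    trace = []
    def tracer(frame, event, _arg):
        if frame.f_code is not func.__code__:
            return None
        if event == "line":
            trace.append((frame.f_lineno, dict(frame.f_locals)))
        return tracer
    sys.settrace(tracer)
    try:
        func(arg)
    finally:
        sys.settrace(None)
    return trace

def build_case(src=HOST_SRC, tests=TESTS, tpl=TEMPLATE):
    """Return (buggy source, line, witness input) for the first state matching tpl."""
    for inp in tests:
        for lineno, state in collect_trace(load(src), inp):
            if tpl["pre"](state):
                lines = src.splitlines()
                indent = " " * (len(lines[lineno - 1]) - len(lines[lineno - 1].lstrip()))
                lines.insert(lineno - 1, indent + tpl["inject"])
                return "\n".join(lines) + "\n", lineno, inp
    return None
```

The returned witness input is what lets a benchmark confirm the injected bug is reachable: the modified host still passes on the other test input and fails only on the witness.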
More information
Paper download
https://arxiv.org/pdf/1901.02819.pdf
