Loading…
LASCON X has ended
Thursday, October 24 • 11:00am - 12:00pm
Choosing the Right Static Code Analyzers Based on Hard Data

Sign up or log in to save this to your schedule and see who's attending!

Published research shows that static code analysis cost-effectively catches security weaknesses before they become exploitable vulnerabilities. But finding the right code analyzers can be challenging.
This talk will discuss research funded by the U.S. Department of Homeland Security to deliver unbiased methods and information to assess and compare the performance of static analyzer products.
In this talk we introduce a new, freely-available website that presents the results of our research. We will discuss plans to track the types of weaknesses that analyzers can detect to help people quickly find the right analyzer and how to achieve good detection coverage of multiple weaknesses.
We’ll discuss the properties of analyzers important to consider when bringing one (or a few!) into your development pipeline. We’ll also cover plans to benchmark results quality using real code, not artificial data sets. Finally, we’re looking forward to audience feedback on what information or capabilities are important.

Speakers
avatar for Chris Horn

Chris Horn

Product Strategy & Development, Secure Decisions & Code Dx
Chris Horn is a Researcher at Secure Decisions, an R&D organization, and helps guide product development at Code Dx. He is currently engaged in several application security (AppSec) research projects, including: developing a system for benchmarking static code analyzers, studying... Read More →


Thursday October 24, 2019 11:00am - 12:00pm
Contrast Security Room 2525 W Anderson Ln #365, Austin, TX 78757, USA