Surmounting Challenges in Aggregating Results from Static Analysis Tools

Authors

Dr. Ann Marie Reinhold, Montana State UniversityFollow
Brittany Boles, Montana State UniversityFollow
A. Redempta Manzi Muneza, Montana State UniversityFollow
Thomas McElroy, Montana State UniversityFollow
Dr. Clemente Izurieta, Montana State UniversityFollow

Abstract

Aggregation poses a significant challenge for software practitioners because it requires a comprehensive and nuanced understanding of raw data from diverse sources. Suites of static-analysis tools (SATs) are commonly used to assess organizational security but simultaneously introduce significant challenges. Challenges include unique results, scales, configuration environments for each SAT execution, and incompatible formats between SAT outputs. Here, we document our experiences addressing these issues. We highlight the problem of relying on a single vendor's SAT version and offer a solution for aggregating findings across multiple SATs, aiming to enhance software security practices and deter threats early with robust defensive operations.

Recommended Citation

Reinhold, Dr. Ann Marie; Boles, Brittany; Muneza, A. Redempta Manzi; McElroy, Thomas; and Izurieta, Dr. Clemente (2024) "Surmounting Challenges in Aggregating Results from Static Analysis Tools," Military Cyber Affairs: Vol. 7 : Iss. 1 , Article 6.
Available at: https://digitalcommons.usf.edu/mca/vol7/iss1/6