dc.contributor.author | Nguyen-Duc, Anh | |
dc.contributor.author | Do, Manh Viet | |
dc.contributor.author | Luong Hong, Quan | |
dc.contributor.author | Nguyen Khac, Kiem | |
dc.contributor.author | Nguyen Quang, Anh | |
dc.date.accessioned | 2022-03-28T09:33:37Z | |
dc.date.available | 2022-03-28T09:33:37Z | |
dc.date.created | 2021-10-12T16:40:02Z | |
dc.date.issued | 2021 | |
dc.identifier.citation | Nguyen-Duc, A., Do, M. V., Luong Hong, Q., Nguyen Khac, K. & Nguyen Quang, A. (2021). On the adoption of static analysis for software security assessment–A case study of an open-source e-government project. Computers & Security, 111, Article 102470. | en_US |
dc.identifier.issn | 0167-4048 | |
dc.identifier.uri | https://hdl.handle.net/11250/2987879 | |
dc.description.abstract | Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development for security assessment poses various technical and managerial challenges. In this work, we reported results from a case study of adopting SAST as a part of a human-driven security assessment process in an open-source e-government project. We described how SASTs are selected, evaluated, and combined into a novel approach and adopted by security experts for software security assessment. The approach was preliminarily evaluated using semi-structured interviews. Our results show that while some SAST tools out-perform others, it is possible to achieve better performance by combining more than one SAST tool. The combined approach has the potential to aid the security assessment process for open-source software. | en_US |
dc.language.iso | eng | en_US |
dc.rights | Attribution 4.0 International | * |
dc.rights.uri | http://creativecommons.org/licenses/by/4.0/deed.no | * |
dc.title | On the adoption of static analysis for software security assessment–A case study of an open-source e-government project | en_US |
dc.type | Peer reviewed | en_US |
dc.type | Journal article | en_US |
dc.description.version | publishedVersion | en_US |
dc.rights.holder | © 2021 The Authors. Published by Elsevier Ltd. | en_US |
dc.source.volume | 111 | en_US |
dc.source.journal | Computers & Security | en_US |
dc.identifier.doi | https://doi.org/10.1016/j.cose.2021.102470 | |
dc.identifier.cristin | 1945429 | |
dc.source.articlenumber | 102470 | en_US |
cristin.ispublished | true | |
cristin.fulltext | original | |
cristin.qualitycode | 1 | |