On the adoption of static analysis for software security assessment–A case study of an open-source e-government project

Nguyen-Duc, Anh; Do, Manh Viet; Luong Hong, Quan; Nguyen Khac, Kiem; Nguyen Quang, Anh

dc.contributor.author	Nguyen-Duc, Anh
dc.contributor.author	Do, Manh Viet
dc.contributor.author	Luong Hong, Quan
dc.contributor.author	Nguyen Khac, Kiem
dc.contributor.author	Nguyen Quang, Anh
dc.date.accessioned	2022-03-28T09:33:37Z
dc.date.available	2022-03-28T09:33:37Z
dc.date.created	2021-10-12T16:40:02Z
dc.date.issued	2021
dc.identifier.citation	Nguyen-Duc, A., Do, M. V., Luong Hong, Q., Nguyen Khac, K. & Nguyen Quang, A. (2021). On the adoption of static analysis for software security assessment–A case study of an open-source e-government project. Computers & Security, 111, Artikkel 102470.	en_US
dc.identifier.issn	0167-4048
dc.identifier.uri	https://hdl.handle.net/11250/2987879
dc.description.abstract	Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development for security assessment poses various technical and managerial challenges. In this work, we reported results from a case study of adopting SAST as a part of a human-driven security assessment process in an open-source e-government project. We described how SASTs are selected, evaluated, and combined into a novel approach and adopted by security experts for software security assessment. The approach was preliminarily evaluated using semi-structured interviews. Our results show that while some SAST tools out-perform others, it is possible to achieve better performance by combining more than one SAST tools. The combined approach has the potential to aid the security assessment process for open-source software.	en_US
dc.language.iso	eng	en_US
dc.rights	Navngivelse 4.0 Internasjonal	*
dc.rights.uri	http://creativecommons.org/licenses/by/4.0/deed.no	*
dc.title	On the adoption of static analysis for software security assessment–A case study of an open-source e-government project	en_US
dc.type	Peer reviewed	en_US
dc.type	Journal article	en_US
dc.description.version	publishedVersion	en_US
dc.rights.holder	© 2021 The Authors. Published by Elsevier Ltd.	en_US
dc.source.volume	111	en_US
dc.source.journal	Computers & Security	en_US
dc.identifier.doi	https://doi.org/10.1016/j.cose.2021.102470
dc.identifier.cristin	1945429
dc.source.articlenumber	102470	en_US
cristin.ispublished	true
cristin.fulltext	original
cristin.qualitycode	1

Tilhørende fil(er)

Filnavn:: 1-s2.0-S0167404821002947-main.pdf
Størrelse:: 1.539Mb
Format:: PDF
Beskrivelse:: 2021Nguyen-DucOn

Åpne

Denne innførselen finnes i følgende samling(er)

Institutt for økonomi og it [152]
Publikasjoner fra CRIStin [3417]

Vis enkel innførsel

Med mindre annet er angitt, så er denne innførselen lisensiert som Navngivelse 4.0 Internasjonal