Developers Need More Usable Static Code Scanners to Head Off Security Bugs

11 August 2020

While programmers are increasingly being asked to fix security issues during development, common software security scanners — known as static application security testing (SAST) tools — have a variety of usability issues that make them less accessible to developers, according to research presented at the USENIX Symposium on Usable Privacy and Security (SOUPS) on August 11. The research, conducted by researchers at Lafayette College and Google, found that the tools failed to provide obvious actions to manage the results of a scan or to fix vulnerabilities, failed to provide recommendations to prioritize vulnerability remediation, and had significant issues scaling to represent a large number of results.

Read full article on Dark Reading

Date:

11 August 2020

Categorie(s):

NEWS

Tag(s):

Bugs, Developers, Head, Scanners, Static

Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland… – SWN #37919 April 2024
5.3M World-Check records may be leaked; how to check your records19 April 2024
Sacramento airport goes no-fly after AT&T internet cable snipped19 April 2024
Active adversary report: Ransomware hit a ceiling, but security teams at risk for more pain19 April 2024
Akira takes in $42 million in ransom payments, now targets Linux servers19 April 2024