The Community for Technology Leaders
Green Image
ABSTRACT
<p>Most security attacks exploit in-stances of well-known classes of implementation flaws. Developers could detect and eliminate many of these flaws before deploying the software, yet these problems persist with disturbing frequency-not be-cause the security community doesn't sufficiently understand them but because techniques for preventing them have not been integrated into the software development process. This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).</p>
INDEX TERMS
CITATION
David Larochelle, David Evans, "Improving Security Using Extensible Lightweight Static Analysis", IEEE Software, vol. 19, no. , pp. 42-51, January/February 2002, doi:10.1109/52.976940
86 ms
(Ver )