Manual Vs. Automated Vulnerability Assessment


Executive Summary

Every software development team would like to assess the security of its software using nothing but an automated tool. In this paper, the authors evaluate and quantify the effectiveness of automated source code analysis tools by comparing their findings against the results of an in-depth manual evaluation of the same system. They present their manual vulnerability assessment methodology and the results of applying it to a major piece of software. They then analyze the same software using two commercial static source code analysis products, Coverity Prevent and Fortify SCA, and compare what the tools report with what the manual assessment found.
