Why Is Static Application Security Testing Hard to Learn?
- Resource Type: Periodical
- Authors: Krishnan, P.; Cifuentes, C.; Li, L.; Bissyande, T.F.; Klein, J.
- Source: IEEE Security & Privacy IEEE Secur. Privacy Security & Privacy, IEEE. 21(5):68-72 Jan, 2023
- Subject:
  - Computing and Processing
  - Aerospace
  - Bioengineering
  - Components, Circuits, Devices and Systems
  - Engineered Materials, Dielectrics and Plasmas
  - Engineering Profession
  - Fields, Waves and Electromagnetics
  - General Topics for Engineers
  - Nuclear Engineering
  - Robotics and Control Systems
  - Signal Processing and Analysis
  - Transportation
  - Communication, Networking and Broadcast Technologies
  - Photonics and Electrooptics
  - Power, Energy and Industry Applications
  - Privacy
  - Machine learning
  - Application security
  - Security
  - Software testing
  - Performance analysis
- Language
- ISSN: 1540-7993, 1558-4046
In this article, we summarize our experience in combining program analysis with machine learning (ML) to develop a technique that can improve the development of specific program analyses. Our experience is negative. We describe the areas that need to be addressed if ML techniques are to be useful in the program analysis context. Most of the issues that we report are different from the ones that discuss the state of the art in the use of ML techniques to detect security vulnerabilities.