eprintid: 4609
rev_number: 8
eprint_status: archive
userid: 309
dir: disk0/00/00/46/09
datestamp: 2021-09-15 02:51:24
lastmod: 2021-09-15 02:51:24
status_changed: 2021-09-15 02:51:24
type: article
metadata_visibility: show
creators_name: Nguyen-Duc, Anh
creators_name: Do, Manh-Viet
creators_name: Luong-Hong, Quan
creators_name: Nguyen-Khac, Kiem
creators_name: Truong-Anh, Hoang
title: On the Combination of Static Analysis for Software Security Assessment – A Case Study of an Open-Source e-Government Project
ispublished: pub
subjects: IT
divisions: fac_fit
abstract: Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development and security assessment poses various technical and managerial challenges. In this work, we report a longitudinal case study of adopting SAST as part of a human-driven security assessment for an open-source e-government project. We describe how SAST tools were selected, evaluated, and combined into a novel approach for software security assessment. The approach was preliminarily evaluated using semi-structured interviews. Our results show that (1) while some SAST tools outperform others, better performance can be achieved by combining more than one SAST tool, and (2) SAST tools should be used with realistic performance expectations and in combination with triangulated approaches to human-driven vulnerability assessment in real-world projects.
date: 2021-04
date_type: published
full_text_status: public
publication: Advances in Science, Technology and Engineering Systems Journal (ASTESJ)
volume: 6
number: 2
pagerange: 921-932
refereed: TRUE
issn: 2415-6698
citation: Nguyen-Duc, Anh and Do, Manh-Viet and Luong-Hong, Quan and Nguyen-Khac, Kiem and Truong-Anh, Hoang (2021) On the Combination of Static Analysis for Software Security Assessment – A Case Study of an Open-Source e-Government Project. Advances in Science, Technology and Engineering Systems Journal (ASTESJ), 6 (2). pp. 921-932. ISSN 2415-6698
document_url: https://eprints.uet.vnu.edu.vn/eprints/id/eprint/4609/1/index.html