Abstract
Static Application Security Testing (SAST) is a popular quality assurance technique in software engineering. However, integrating SAST tools into industry-level product development for security assessment poses various technical and managerial challenges. In this work, we reported results from a case study of adopting SAST as a part of a human-driven security assessment process in an open-source e-government project. We described how SASTs are selected, evaluated, and combined into a novel approach and adopted by security experts for software security assessment. The approach was preliminarily evaluated using semi-structured interviews. Our results show that while some SAST tools out-perform others, it is possible to achieve better performance by combining more than one SAST tools. The combined approach has the potential to aid the security assessment process for open-source software.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
