| 代码审计系统的误报率成因和优化 |
| |
| 引用本文: | 肖芫莹,游耀东,向黎希.代码审计系统的误报率成因和优化[J].电信科学,2020,36(12):155-162. |
| |
| 作者姓名: | 肖芫莹 游耀东 向黎希 |
| |
| 作者单位: | 中国电信股份有限公司研究院,上海 200122 |
| |
| 摘 要: | 目前,代码审计已经成为网络安全建设中举足轻重的环节,基于自动化源代码检测的代码审计系统已经得到了广泛的应用,但仍存在诸多缺点。总结了当前代码审计系统的不足之处,简述了不同静态源代码检测算法的原理,并分析检测报告中出现误报的原因,提出了相应的优化思路,描述了优化方案的技术原理及其应用场景。
|
| 关 键 词: | 代码审计 静态检测技术 网络安全 |
Causes and optimization of the false alarm rate of code review system |
| |
| Yuanying XIAO,Yaodong YOU,Lixi XIANG.Causes and optimization of the false alarm rate of code review system[J].Telecommunications Science,2020,36(12):155-162. |
| |
| Authors: | Yuanying XIAO Yaodong YOU Lixi XIANG |
| |
| Affiliation: | Research Institute of China Telecom Co.,Ltd.,Shanghai 200122,China |
| |
| Abstract: | Code review technology has become a pivotal part in the construction of network security.Analysis of the test reports obtained by the current code auditing system shows that there are many false positives in the report.The shortcomings in the development of the code audit system were summarized,the principles of different detection algorithms were briefly described,the causes of false alarm rates were analyzed,corresponding optimization ideas were proposed,the technical principles of optimization were explained,and the application scenarios of optimization schemes were described. |
| |
| Keywords: | code review static analysis technology network security |
|
| 点击此处可从《电信科学》浏览原始摘要信息 |
|
点击此处可从《电信科学》下载全文 |
|
