00000cab a22000003a 4500 UP-99796217608835437 Buklod 20231007234836.0 m |o d | ta 090519s xx d | ||r ||||| || DENGII eng Zitser, Misha Testing static analysis tools using exploitable buffer overflows from open source code. pp. 97-106 Five modern static analysis tools (ARCHER, BOON, Poly-Space C Verifier, Splint, and UNO) were evaluated using source code examples containing 14 exploitable buffer overflow vulnerabilities found in various versions of Sendmail, BIND, and WU-FTPD. Each code example included a "BAD" case with and a "OK" case without buffer overflows. Buffer overflows varied and included stack, heap, bss and data buffers; access above and below buffer bounds; access using pointers, indices, and functions; and scope differences between buffer creation and use. Detection rates for the "BAD" examples were low except for Poly-Space and Splint which had average detection rates of 87% and 57%, respectively. However, average false alarm rates were high and roughly 50% for these two tools. On patched programs these two tools produce one warning for every 12 to 46 lines of source code and neither tool appears able to accurately distinguished between vulnerable and patched code. Software. Software engineering. Software / Program Verification. Testing and debugging. Computing milieux. Computers and society. Electronic commerce. Measurement. Performance. Security. Verification. Buffer overflow. Evaluation. Exploit. False alarm. Security. Source code. Static analysis. Test detection. Software engineering notes. 29, 6 (2004). FO UPD DENG-II Article