Is a False Positive really False Positive?

Hong Jun Choi, Hyuk Lee, Jin Young Choi

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

As the number of devices that run software increases, software reliability and security have become more critical. To improve reliability and security, developers and test engineers use static analysis tools to find defects early in the development process. However, it takes a lot of time and effort to determine whether the alarms produced by static analysis are true or false positives. In this paper, we argue that all integer overflows reported by static analysis tools are weaknesses and should eventually be corrected. To show that our argument is reasonable, we explain the static analysis results for binary search program code and for CWE-190 example code in terms of reliability and security. It is unnecessary to identify whether an integer overflow reported by a static analysis tool is a true or a false positive.
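As an added illustration of the binary-search integer overflow the abstract refers to (example code written for this record, not code from the paper): the textbook midpoint `(low + high) / 2` overflows once `low + high` exceeds `INT_MAX`, while `low + (high - low) / 2` stays in range. The helper names and the sample array are constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Naive midpoint from the textbook binary search. low + high exceeds INT_MAX
 * once the array has more than about 2^30 elements (CWE-190). Because signed
 * overflow is undefined behaviour in C, this version checks first and reports
 * the overflow instead of evaluating the sum. Assumes 0 <= low <= high. */
static bool mid_naive(int low, int high, int *mid) {
    if (high > INT_MAX - low)   /* portable pre-check: low + high would overflow */
        return false;
    *mid = (low + high) / 2;
    return true;
}

/* Hardened midpoint: with 0 <= low <= high, high - low cannot overflow, and
 * adding half of it back to low keeps the result within [low, high]. */
static int mid_safe(int low, int high) {
    return low + (high - low) / 2;
}

/* Binary search over a sorted int array using the hardened midpoint.
 * Returns the index of key, or -1 if it is absent. */
static long bsearch_safe(const int *a, size_t n, int key) {
    if (n == 0) return -1;
    int low = 0, high = (int)n - 1;
    while (low <= high) {
        int mid = mid_safe(low, high);
        if (a[mid] == key) return mid;
        if (a[mid] < key) low = mid + 1; else high = mid - 1;
    }
    return -1;
}

int main(void) {
    /* Constructed sample input. */
    static const int sorted[] = {2, 3, 5, 7, 11, 13, 17, 19};
    int m;
    printf("index of 13: %ld\n", bsearch_safe(sorted, 8, 13));          /* 5 */
    printf("naive mid(1, INT_MAX) overflows: %s\n",
           mid_naive(1, INT_MAX, &m) ? "no" : "yes");                    /* yes */
    printf("safe  mid(1, INT_MAX) = %d\n", mid_safe(1, INT_MAX));      /* 1073741824 */
    return 0;
}
```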

Original language: English
Title of host publication: 23rd International Conference on Advanced Communication Technology
Subtitle of host publication: On-Line Security in Pandemic Era!, ICACT 2021 - Proceeding
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 145-149
Number of pages: 5
ISBN (Electronic): 9791188428069
DOIs
Publication status: Published - 2021 Feb 7
Event: 23rd International Conference on Advanced Communication Technology, ICACT 2021 - Virtual, PyeongChang, Korea, Republic of
Duration: 2021 Feb 7 to 2021 Feb 10

Publication series

Name: International Conference on Advanced Communication Technology, ICACT
Volume: 2021-February
ISSN (Print): 1738-9445

Conference

Conference: 23rd International Conference on Advanced Communication Technology, ICACT 2021
Country: Korea, Republic of
City: Virtual, PyeongChang
Period: 21/2/7 to 21/2/10

Keywords

  • False Positive
  • Integer Overflow
  • Software Reliability
  • Software Security
  • Static Analysis
  • True Positive

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
