@inproceedings{7819a09f4fd049b28f3984821e118323,
title = "Is a False Positive really False Positive?",
abstract = "As the number of devices with software increases, software reliability and security has become more critical. To improve reliability and security, developers and test engineers use static analysis tools to find defects early in the development process. However, it takes a lot of time and effort to determine whether alarms from performing static analysis are true or false positive. In this paper, we argue that all integer overflow generated by static analysis tools are weaknesses and should eventually be corrected. To show that our argument is reasonable, we explain static analysis results for binary search program code and CWE:190 example code in terms of reliability and security. It is unnecessary to identify whether the integer overflow generated by static analysis tools is true or false positive.",
keywords = "False Positive, Integer Overflow, Software Reliability, Software Security, Static Analysis, True Positive",
author = "Choi, {Hong Jun} and Hyuk Lee and Choi, {Jin Young}",
note = "Funding Information: This work was supported by the National Research Foundation of Korea(NRF) grant funded by the Korea government(MSIT) (No. NRF-2018R1A2B6009122). Publisher Copyright: {\textcopyright} 2022 Global IT Research Institute-GiRI.; 24th International Conference on Advanced Communication Technology, ICACT 2022 ; Conference date: 13-02-2022 Through 16-02-2022",
year = "2022",
doi = "10.23919/ICACT53585.2022.9728948",
language = "English",
series = "International Conference on Advanced Communication Technology, ICACT",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "145--149",
booktitle = "24th International Conference on Advanced Communication Technology",
}