http://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Static Analysis Classification and Prioritizationen-usMon, 25 Oct 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/release-of-scaife-system-version-200-provides-support-for-continuous-integration-ci-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesKey features in new release of SCAIFE System Version 2.0.0 including support for continuous-integration (CI) systems, and status of evolving SEI SCAIFE workLori FlynnMon, 25 Oct 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/release-of-scaife-system-version-200-provides-support-for-continuous-integration-ci-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesContinuous Deployment of CapabilitySCALE: A Static Analysis Auditing ToolSecure CodingMachine LearningStatic AnalysisStatic Analysis Classification and PrioritizationSecure DevelopmentArtificial IntelligenceSource Code Analysis Integrated Framework Environment (SCAIFE)https://www.sei.cmu.edu/blog/benefits-and-challenges-of-soar-platforms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesExplore Security Orchestration, Automation, and Response (SOAR) platforms for improved incident response in this SEI Blog post.Angela Horneman, Justin RayMon, 01 Mar 2021 00:00:00 -0500https://www.sei.cmu.edu/blog/benefits-and-challenges-of-soar-platforms/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic Analysis Classification and Prioritizationhttps://www.sei.cmu.edu/blog/release-scaife-system-version-100-provides-full-gui-based-static-analysis-adjudication-system-meta-alert-classification/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe SEI Source Code Analysis Integrated Framework Environment (SCAIFE) is a modular architecture designed to enable a wide variety of tools, systems, and users to use artificial intelligence (AI) classifiers for static-analysis meta-alerts at relatively low cost and effort.Lori FlynnMon, 14 Dec 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/release-scaife-system-version-100-provides-full-gui-based-static-analysis-adjudication-system-meta-alert-classification/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSource Code Analysis Integrated Framework Environment (SCAIFE)Static Analysis Classification and PrioritizationSCALE: A Static Analysis Auditing Toolhttps://www.sei.cmu.edu/blog/public-repository-data-static-analysis-classification-research/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post describes a new repository of labeled data that CERT is making publicly available for many code-flaw conditions. Researchers can use this dataset along with the associated code and tool output to monitor and test the performance of their automated classification of meta-alerts.Lori FlynnMon, 02 Nov 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/public-repository-data-static-analysis-classification-research/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic Analysis Classification and PrioritizationSCALE: A Static Analysis Auditing ToolSource Code Analysis Integrated Framework Environment (SCAIFE)https://www.sei.cmu.edu/blog/managing-static-analysis-alerts-with-efficient-instantiation-of-the-scaife-api-into-code-and-an-automatically-classifying-system/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn how the SEI's SCAIFE API helps classify and prioritize static analysis alerts, reduce manual effort, and improve accuracy in identifying code flaws.Lori FlynnMon, 14 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/managing-static-analysis-alerts-with-efficient-instantiation-of-the-scaife-api-into-code-and-an-automatically-classifying-system/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic Analysis Classification and PrioritizationSCALE: A Static Analysis Auditing Toolhttps://www.sei.cmu.edu/blog/data-driven-management-of-technical-debt/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn about the SEI's work on technical debt analysis techniques and practices to help software engineers manage its impact on projects in this SEI Blog post.Ipek Ozkaya, Robert NordMon, 16 Dec 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/data-driven-management-of-technical-debt/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware AssuranceSoftware SustainmentMachine LearningSoftware and Information AssuranceStatic Analysis Classification and PrioritizationArtificial IntelligenceSoftware ArchitectureTechnical DebtSoftware Qualityhttps://www.sei.cmu.edu/blog/an-application-programming-interface-for-classifying-and-prioritizing-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts.Lori Flynn, Ebonie McNeilMon, 22 Jul 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/an-application-programming-interface-for-classifying-and-prioritizing-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic Analysis Classification and PrioritizationSCALE: A Static Analysis Auditing Toolhttps://www.sei.cmu.edu/blog/scale-v-3-automated-classification-and-advanced-prioritization-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic analysis tools analyze code without executing it, to identify potential flaws in source code. These tools produce a large number of alerts with high false-positive rates that an engineer must....Lori Flynn, Ebonie McNeilMon, 17 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/scale-v-3-automated-classification-and-advanced-prioritization-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSCALE: A Static Analysis Auditing ToolSecure CodingStatic Analysis Classification and PrioritizationSecure DevelopmentCyber Missionshttps://www.sei.cmu.edu/blog/scale-a-tool-for-managing-output-from-static-analysis-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesExperience shows that most software contains code flaws that can lead to vulnerabilities. Static analysis tools used to identify potential vulnerabilities in source code produce....Lori FlynnMon, 24 Sep 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/scale-a-tool-for-managing-output-from-static-analysis-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingSecure DevelopmentStatic Analysis Classification and PrioritizationCyber MissionsSCALE: A Static Analysis Auditing Toolhttps://www.sei.cmu.edu/blog/test-suites-as-a-source-of-training-data-for-static-analysis-alert-classifiers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesNumerous tools exists to help detect flaws in code. Some of these are called flaw-finding static analysis (FFSA) tools because they identify flaws by analyzing code without running it....Lori Flynn, Zachary KurtzMon, 30 Apr 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/test-suites-as-a-source-of-training-data-for-static-analysis-alert-classifiers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceStatic Analysis Classification and PrioritizationSecure DevelopmentSecure Codinghttps://www.sei.cmu.edu/blog/prioritizing-security-alerts-a-dod-case-study/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDetailing collaboration with the DoD, the second post in this SEI series highlights field testing of the organization's analysis of 100M lines of code.Lori FlynnMon, 23 Jan 2017 00:00:00 -0500https://www.sei.cmu.edu/blog/prioritizing-security-alerts-a-dod-case-study/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingAutonomy and Counter-AutonomySoftware and Information AssuranceStatic Analysis Classification and PrioritizationSecure Developmenthttps://www.sei.cmu.edu/blog/prioritizing-alerts-from-static-analysis-to-find-and-fix-code-flaws/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post explores the importance of prioritizing alerts from static analysis tools to effectively identify and fix code flaws in software development.Lori FlynnMon, 06 Jun 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/prioritizing-alerts-from-static-analysis-to-find-and-fix-code-flaws/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingAutonomy and Counter-AutonomySoftware and Information AssuranceStatic Analysis Classification and PrioritizationSecure Development