Improve Your Static Analysis Audits Using CERT SCALe’s New Features
Nov 7, 2018 · Virtual SEI Webcast
Learn how to become a research project collaborator for SCALe v3
About the Webcast
In this webcast, Lori Flynn, a CERT senior software security researcher, describes the new features in SCALe v3, a research prototype tool. SCALe v2, available on GitHub, offers a subset of features available in SCALe v3. Over the last three years, as part of alert classification and prioritization research projects she has led, her team has added new features to the (privately released) 2015 version of SCALe (v1) that are intended to assist with automated static analysis alert classification and advanced alert prioritization. Flynn invites people in other organizations to collaborate with her team, including testing SCALe v3 and providing sanitized audit archives. Collaborators also might have an opportunity to become involved in developing a version of SCALe that would be usable in production, not just as a research prototype tool.
What attendees will learn
- how to use the features in SCALe v2, available on GitHub, that aren’t documented in the previous SCALe videos
- how to use the new features in SCALe v3, available only to research project collaborators, that aren’t documented in the previous SCALe videos
- features of a new system that enable sophisticated alert classification and prioritization, with SCALe as a replaceable part (Any other static analysis tool that implements our system API can, with relatively low development cost, quickly benefit from using classifiers and advanced prioritization.)
Who should attend?
- software developers
- static analysis tool vendors, developers, and users
- software development project managers