Current static code analysis tools still have many shortcomings. In practice, for instance, these tools are not well accepted by developers. One reason is that developers are confronted with a large number of warnings when using them. Due to a lack of precision, many of the reported warnings are even wrong, so-called false positives. This strongly discourages developers from dealing with security issues. As a result, many software development processes still treat software security as incidental. The goal of this project is to improve the usability of static analysis tools according to the needs of developers. This requires research into new technologies, especially in the following areas:

  • Optimized analysis mechanisms
  • Optimized representation of analysis results
  • Flexible adjustments to the context of use
  • Accompanying studies

This project focuses in particular on software developers. Initially, studies will be carried out to uncover why developers make mistakes and introduce security issues when implementing software systems. Subsequently, static analysis tools will be developed that support developers during the development process, so that security vulnerabilities can be detected more easily in the early stages of software development.

Principal Investigators (PIs):

Prof. Dr. Eric Bodden
Fachgruppe Softwaretechnik
Heinz Nixdorf Institut
Universität Paderborn

Prof. Dr. Matthew Smith
Arbeitsgruppe Usable Security and Privacy
Institut für Informatik 4
Rheinische Friedrich-Wilhelms-Universität Bonn

PhD Students:

Linghui Luo
Fachgruppe Softwaretechnik
Heinz Nixdorf Institut
Universität Paderborn
@LinguiLuo

Mischa Meier
Institut für Informatik 4
Universität Bonn