Upload File

current state and future direction - utah state university · current state and future direction...

  • Home
  • Documents
  • Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,
12
Static Analysis Programs Current state and future direction Aravind Venkataraman Practice Director Static Analysis

Upload: others

Post on 22-May-2020

10 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Static Analysis ProgramsCurrent state and future direction

Aravind Venkataraman

Practice Director – Static Analysis

Page 2: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Introduction

• Eight years in software security

• Helped firms build software security programs

• Helped firms build and run static analysis capabilities

• Technical expertise in “SAST” tools

• Built Cigital’s managed services capability

Page 3: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Objectives

• Introduction to the static analysis marketplace

• Current industry state

• Common program-level challenges

• Future direction

Page 4: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Target Audience

• You manage and run a software security program

• You are purchasing a static analysis tool

• You are unsure about investing in static analysis

Page 5: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Why Static Analysis

• Move left in the SDLC

• Enable developers to change behavior

• Provide code-level feedback to aid developers in remediation

• Enforce secure coding standards

Page 6: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Industry maturity

http://bsimm.com

Page 7: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Industry maturity

R&D [2005]

Early adopters [2007]

Gain popularity [2009]

Mainstream adoption [2012]

Commoditization [2015]

Page 8: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

SAST Tools

• Deployment models – Desktop, standalone, build integration, SaaS.

• Language support – Java, .NET, PHP, JavaScript, SQL, etc.

• Integration options – DAST, defect tracking, reporting.

Page 9: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Usage Trend

Developer desktop [2009]

Service bureau [2012]

On-demand SaaS [2015]

Continuous Integration [2016]

[East coast] Service bureau

[Mid west] On-demand SaaS

[West coast] Continuous Integration (CI)

Developer usage

Quick feedback

Developer education

Behavior change

Security usage

Control and governance

Cost-effective

Ease of deployment

Visibility

Page 10: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Program-level challenges

• [Process] Scalability

• [Process] Friction in Agile

• [Technology] Tools are noisy

• [Technology] Tool support for dynamic languages (Ruby, JavaScript)

• [People] Developer behavior hard to change

• [People] Expertise not easy to find

Page 11: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Future Trend

Continuous Integration (CI)

• [Technology] Existing developer tools (FindBugs, CodePro, Pylint, etc.)

• [Technology] Existing tool chain (SonarQube, Jenkins, Maven, Artifactory, git, etc.)

Dynamic language support

• [Technology] Python, Django, JavaScript, Ruby, etc.

Mobile SAST

• [Technology] On-demand SaaS (SAST + DAST)

• [Technology] Static checks for binary protections

Page 12: Current state and future direction - Utah State University · Current state and future direction ... [2015] SAST Tools • Deployment models –Desktop, standalone, build integration,

Static Analysis Programs

Q&A


Strategic Direction for Lake Superior State University 12/2/17 · pg. 1 LSSU Strategic Direction & Implementation Plan 12 2 17 Strategic Direction for Lake Superior State University

DATASHEET SEARCH SITE ==  · 2017. 8. 18. · ic < VCC + - 1.5V 2. The direction of the input current is out of the IC. This current is essentially constant, independent of the state

CFO Survey: Current state and future direction · CFO Survey: Current state and future direction. The IBM Institute for Business Value develops fact-based strategic insights for senior

Electric current – - bloch.physgeo.uni-leipzig.de€¦ · Experimental Physics IIa - Electric current and circuits 2 Electric current The direction of current is conventionally

RCARO Homepage Management - Current Status and Future Direction -

As a powerful CAD platform with features familiar from native …€¦ · with a chair, indicating the current viewing direction. Manipulate the current viewing direction by clicking

Current status and future direction of the regulatory

Design of all-optical, hot-electron current-direction ... · Design of all-optical, hot-electron current-direction-switching device based on geometrical asymmetry

Radio Direction Finding - Current Eventsgloucestercountyarc.weebly.com/.../11554662/radio_direction_finding... · Radio Direction Finding ... effective in tracking and hunting short

RFP #14-01 for Bookstore Management - Polk State … 2. Current Bookstore Operation a. The Polk State Bookstore, under the direction of the Vice President for Administration/CFO, is

1 THE STATE HOSPITAL THE FORENSIC ADDICTION FORUM FRIDAY 15 TH MARCH 2013 Current Status & Future Direction

Current Status and Direction of SME Policies in Japan

Networks with the regional cities Direction 3 · communications links ... for their future development. Initiatives ... 3.2.4 Update current policies on State and Commonwealth-funded

Global Outsourcing Current Challenges and Future Direction · 2014-10-16 · Global Outsourcing - Current Challenges and Future Direction 23 Managing a contract –future direction

Software Resource and Services Jack Delinsky. Current State Direction Philosophy

The History and Current Direction of Canadian Map Libraries

MV Sept 2002 Ant Consumer Model Using NetLogo Collective information Pheromones with evaporation & diffusion Ant/Agent internal state Current direction

STATE ADMINISTRATION REFORM IN CROATIA (possible direction)

ApGrid: Current Status and Future Direction

HEALTH EDUCATION PROGRAMME IN MALAYSIA CURRENT SITUATION AND FUTURE DIRECTION

Objective of Ministry Audit Describe the synod Current state of Rocky Mountain Synod Identify strengths and areas for growth Assess whether current direction

Mathematics education in Singapore: Current trend and future direction

1 Alternating Current and RLC Circuits Alternating Current: the current direction changes with time. Compare with DC in which the current direction stays

Health Product Vigilance Framework€¦ · 3.2 Desired State..... 7 4 Canada’s Current ... define the regulatory philosophy and policy direction, and will outline the structure

CURRENT STATE OF SNOW REMOTE SENSING ......CURRENT STATE OF SNOW REMOTE SENSING OBSERVATIONS, FUTURE DIRECTION AND REMAINING CHALLENGES 1 Thanks to: Nick Rutter, Ian Davenport, Debbie

ONE MARK QUESTIONS · changes to direction and magnitude with time. b. A cell supply direct current (DC) or unidirectional current which flows only in one direction only. 12. State

Sea State Report - Channel Coast State... · Highest Suffolk storm events in 2007/2008 ... current velocity and direction at different bin depths throughout the water column.

Current State Assessment · Current Phase: 2. Current State Assessment This report details the results of Phase 2 of the Engagement, which encompasses the Current State Assessment

Electrical System Instruments and components. Alternating Current An alternating current (AC) is an electric current whose direction reverses cyclically,

Hydrail in Korea and Asia: The Current Direction

Current state of_digital_business_environment_in_finland

CURRENT MARKET DIRECTION: UPTREND.armchairinvestor.com/wp-content/uploads/2020/04/... · 4/23/2020  · CURRENT MARKET DIRECTION: UPTREND. Armchair Investor Trend-following Investment

Direction of Induced Current - University of · PDF fileDirection of Induced Current S N ... Direction = clockwise (Lenz’s law) Current = 3.016 / 0.05 = 60.3 A 1 ... ConcepTest:

Current State VSM

Stock Valuation Basics - Pennsylvania State University€¦ · Web viewMomentum: Belief that stocks will continue in current price direction (up, down, sideways) because the market