Identifying security risks in code using security metric comparison

Bibliographic Details
Main Authors: Raz, Orna; Brodie, Aharon; Derobertis, Christopher V
Format: Patent
Language: English
Published: 09.06.2020
Summary: An example system includes a processor to receive a source code and history information, wherein the history information includes a version control history or a defect history, or a combination of the version control history and the defect history. The processor is to also divide the source code into security-related components and security-non-related components. The processor is to further calculate security metrics for each of the security-related components and each of the security-non-related components based on the history information. The processor is also to compare the security metrics of the security-related components with the security metrics of the security-non-related components. The processor is to further generate a visual representation comprising a highlighted area of concern based on the comparison.
Bibliography: Application Number: US201715401118