Explaining Static Analysis - A Perspective
Static code analysis is widely used to support the development of secure software. It helps developers detect potential bugs and security vulnerabilities in a program’s source code without executing it. While the potential benefits of static analysis tools are beyond question, their usability is often criticised and prevents software developers from using static analysis to its full potential. In the past decade, researchers have studied developer needs and opposed them to available static analysis tool functionalities. In this paper, we summarize the main design challenges for building usable static analysis tools, and show that they revolve around the notion of explainability. We present existing analysis tools and current research in static analysis usability, and detail how they approach those challenges. This leads us to proposing potential lines of future work in explainability for static analysis, namely turning static analysis tools into assistants and teachers.
Fri 15 Nov Times are displayed in time zone: (GMT-07:00) Tijuana, Baja California change
|11:00 - 11:30|
|11:30 - 12:00|
|12:00 - 12:30|