A Code Security Evaluation Method Based on Defect Analysis

A security evaluation and defect analysis technology, applied in software testing/debugging and related fields, that addresses problems such as the increasing complexity and difficulty of code security evaluation, the lack of evaluation factors, and the overly generalized evaluation of code security.

Active Publication Date: 2017-12-15
STATE GRID CORP OF CHINA +2

AI Technical Summary

Problems solved by technology

Prior-art code security tools focus on counting the defects in the code and do not evaluate the security of the code as a whole. For example, the Fortify code security detection tool can report a security level for the code, but it includes only three security levels: high, medium and low.
[0004] At the same time, different code security defect research organizations, such as CWE, NIST and OWASP, describe code security defects in different ways, and there is no unified classification method for code security defects, which increases the complexity and difficulty of the overall code security assessment of an application system.
[0005] Therefore, because existing evaluation of code security is too generalized and introduces too few evaluation factors, it is particularly important to provide a code security evaluation method that improves on the existing ones.


Examples


Embodiment Construction

[0034] Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals designate the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary and are intended to explain the present invention and should not be construed as limiting the present invention.

[0035] The specific steps of the code security evaluation method based on defect analysis provided by the present invention are shown in Figure 1:

[0036] Step 1: Obtain the threat level DW of the code defect WA:

[0037] ①: Establish the code defect classification through Fortify, comprising serious-risk defects (Critical), high-risk defects (High), medium-risk defects (Medium) and low-risk defects (Low);

[0038] Code defect classification: AttributeSet = {Critical, High, Medium, Low};

[0039] Code defect classification set: Attribute...


Abstract

The invention provides a code security evaluation method based on defect analysis. The method comprises step 1, obtaining the threat level DW of the code defect WA; step 2, constructing a code defect library; step 3, carrying out quantitative analysis on the code; and step 4, obtaining the security value TA of the code. Compared with the prior art, the code security evaluation method based on defect analysis can comprehensively quantify and evaluate code security from the aspects of code defect generation during writing, code defect prevention during writing, and the quality of the writing personnel in the code environment coefficient EVA. The accuracy of code security evaluation is thereby improved, code security is improved, and the overall security of application systems is enhanced.

Description

Technical field

[0001] The invention relates to a code security evaluation method, in particular to a code security evaluation method based on defect analysis.

Background technique

[0002] With the gradual deepening of informatization construction, the trend of information security attacks has also changed, from attacking systems and networks in the past to attacking application systems. According to the statistics of Gartner, an international authoritative consulting organization, 75% of information security attacks currently occur at the application system level rather than at the system and network levels. Common attacks in the network have gradually evolved from traditional system vulnerability attacks to attacks on the application's own weaknesses. These weaknesses and defects of the application system itself are mainly caused by developers not paying attention to code security when writing code.

[0003] As the types and functions of applic...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F11/36
Inventor 范杰石聪聪郭骞高鹏李尼格蒋诚智俞庚申冯谷余勇曹宛恬鲍兴川
Owner STATE GRID CORP OF CHINA