Auto-tuning program analysis tools using machine learning
US-10135856-B2 · Nov 20, 2018 · US
US11663341B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11663341-B2 |
| Application number | US-201916723479-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 20, 2019 |
| Priority date | Oct 17, 2014 |
| Publication date | May 30, 2023 |
| Grant date | May 30, 2023 |
Abstract
Disclosed are various embodiments for tracking developer behavior with respect to software analysis tools. In one embodiment, a security analysis is performed upon a first revision of a program, where the security analysis is based at least in part on a plurality of rules. A first security issue found in the security analysis upon the first revision of the program is identified. The security analysis is performed upon a second revision of the program. A second security issue found in the security analysis upon the second revision of the program is identified. The rules are updated based at least in part on whether the first security issue is corrected in the second revision as determined based at least in part on a comparison of the first security issue to the second security issue.
Claims (preview)
Therefore, the following is claimed:

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, wherein when executed the program causes the at least one computing device to at least: perform a first security analysis upon a plurality of first revisions of a plurality of programs, the first security analysis being based at least in part on a plurality of rules; generate first report data identifying a first plurality of security issues found in the first security analysis; perform a second security analysis upon a plurality of second revisions of the plurality of programs, the second security analysis being based at least in part on the plurality of rules; generate second report data identifying a second plurality of security issues found in the second security analysis; and cause a particular rule of the plurality of rules to be disabled or assigned a lesser weight, based at least in part on an identification that a particular security issue of the first plurality of security issues remains uncorrected in the plurality of second revisions, indicating that a false positive is provoked by the particular rule as determined based at least in part on a comparison of the first plurality of security issues to the second plurality of security issues.

2. The non-transitory computer-readable medium of claim 1, wherein when executed the program further causes the at least one computing device to at least determine a developer who wrote first source code corresponding to at least a threshold quantity of the first plurality of security issues that are corrected in the plurality of second revisions.

3. The non-transitory computer-readable medium of claim 2, wherein when executed the program further causes the at least one computing device to at least determine a coding characteristic associated with the developer based at least in part on a source code analysis of second source code written by the developer.

4. The non-transitory computer-readable medium of claim 3, wherein the coding characteristic comprises at least one of: a variable name characteristic, an indentation characteristic, a code commenting characteristic, or an optional punctuation usage characteristic.

5. A system, comprising: at least one computing device; and at least one application executable in the at least one computing device, wherein when executed the at least one application causes the at least one computing device to at least: perform a security analysis upon at least one first revision of at least one program, the security analysis being based at least in part on a plurality of rules; identify at least one first security issue found in the security analysis upon the at least one first revision of the at least one program; perform the security analysis upon at least one second revision of the at least one program; identify at least one second security issue found in the security analysis upon the at least one second revision of the at least one program; and cause a particular rule of the plurality of rules to be updated based at least in part on an identification that a particular security issue of the at least one first security issue remains uncorrected in the at least one second revision, indicating that a false positive is provoked by the particular rule as determined based at least in part on a comparison of the at least one first security issue to the at least one second security issue.

6. The system of claim 5, wherein when executed the at least one application further causes the at least one computing device to at least determine a developer who wrote first source code corresponding to at least a threshold quantity of the at least one first security issue that are corrected in the at least one second revision.

7. The system of claim 6, wherein when executed the at least one application further causes the at least one computing device to at least determine a coding characteristic associated with the developer based at least in part on a source code analysis of second source code written by the developer.

8. The system of claim 7, wherein the coding characteristic comprises at least one of: a variable name characteristic, an indentation characteristic, a code commenting characteristic, or an optional punctuation usage characteristic.

9. The system of claim 7, wherein the coding characteristic is a stylistic characteristic that does not directly cause a security issue.

10. The system of claim 7, wherein the second source code does not exhibit the at least one first security issue or the at least one second security issue.

11. The system of claim 5, wherein when executed the at least one application further causes the at least one computing device to at least: generate first report data that identifies the at least one first security issue found in the security analysis upon the at least one first revision of the at least one program; and generate second report data that identifies the at least one second security issue found in the security analysis upon the at least one second revision of the at least one program.

12. The system of claim 5, wherein causing the plurality of rules to be updated further comprises modifying a configuration of a security analysis tool used to perform the security analysis.

13. The system of claim 5, wherein when executed the at least one application further causes the at least one computing device to automatically execute a security analysis tool to perform the security analysis upon the at least one second revision of the at least one program in response to receiving the at least one second revision of the at least one program.

14. The system of claim 5, wherein the security analysis comprises a static code analysis and a dynamic code analysis.

15. A method, comprising: performing, via at least one of one or more computing devices, a security analysis upon at least one first revision of at least one program, the security analysis being based at least in part on a plurality of rules; identifying, via at least one of the one or more computing devices, at least one first security issue found in the security analysis upon the at least one first revision of the at least one program; performing, via at least one of the one or more computing devices, the security analysis upon at least one second revision of the at least one program; identifying, via at least one of the one or more computing devices, at least one second security issue found in the security analysis upon the at least one second revision of the at least one program; and causing, via at least one of the one or more computing devices, the plurality of rules to be updated based at least in part on an identification that the at least one first security issue remains uncorrected in the at least one second revision, indicating that a false positive is provoked by the plurality of rules as determined based at least in part on a comparison of the at least one first security issue to the at least one second security issue.

16. The method of claim 15, further comprising determining, via at least one of the one or more computing devices, a developer who wrote first source code corresponding to at least a threshold quantity of the at least one first security issue that are corrected in the at least one second revision.

17. The method of claim 16, further comprising determining, via at least one of one or more computing devices, a coding characteristic associated with the developer based at least in part on a source code analysis of second source code writt
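As an added illustration of the mechanism the abstract and claims 1, 5 and 15 describe (and the developer count of claims 2, 6 and 16), the Python below scores one analysis report against the report for the next revision and down-weights or disables rules whose findings nobody corrects. This is example code written for this page, not the patent's own implementation or any assignee's tool; the `Finding` model, the fingerprint-based matching, the weight-decay policy and the sample reports are all assumptions made here.

```python
"""Added illustration of cross-revision rule tuning.  Not the patent's own
implementation: the Finding model, fingerprint matching, the decay policy
and the sample reports below are assumptions made for this example."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str         # analyser rule id (constructed names below)
    path: str         # file the issue was reported in
    fingerprint: str  # assumed location-stable hash (enclosing function plus
                      # normalised statement) so that line shifts between
                      # revisions do not break matching
    author: str       # developer who wrote the flagged code, e.g. from blame


@dataclass
class RuleState:
    weight: float = 1.0
    enabled: bool = True
    corrected: int = 0  # findings that disappeared in the next revision
    persisted: int = 0  # findings still reported in the next revision


def _key(f):
    return (f.rule, f.path, f.fingerprint)


def compare_revisions(first, second):
    """Split the first revision's findings into corrected and persisting ones.
    Findings new in the second revision are not scored; they become 'first'
    findings on the next run."""
    later = {_key(f) for f in second}
    corrected = [f for f in first if _key(f) not in later]
    persisted = [f for f in first if _key(f) in later]
    return corrected, persisted


def tune_rules(rules, first, second, *, min_samples=3, decay=0.6,
               disable_below=0.25):
    """Update per-rule state from one revision pair (claims 1, 5 and 15).
    Assumed policy, not the patent's: once a rule has at least `min_samples`
    scored findings, its weight is multiplied by (1 - decay * persist_ratio),
    and a weight under `disable_below` disables the rule."""
    corrected, persisted = compare_revisions(first, second)
    for f in corrected:
        rules.setdefault(f.rule, RuleState()).corrected += 1
    for f in persisted:
        rules.setdefault(f.rule, RuleState()).persisted += 1
    for state in rules.values():
        total = state.corrected + state.persisted
        if total < min_samples:
            continue  # too little evidence to change this rule yet
        persist_ratio = state.persisted / total
        state.weight *= 1.0 - decay * persist_ratio
        if state.weight < disable_below:
            state.enabled = False
    return rules


def responsive_developers(first, second, threshold=2):
    """Developers credited with at least `threshold` corrected findings
    (claims 2, 6 and 16)."""
    corrected, _ = compare_revisions(first, second)
    counts = defaultdict(int)
    for f in corrected:
        counts[f.author] += 1
    return sorted(dev for dev, n in counts.items() if n >= threshold)


# Constructed sample reports for three successive revisions of two programs.
REV1 = [
    Finding("SQLI-001", "app/db.py", "f1", "alice"),
    Finding("SQLI-001", "app/db.py", "f2", "alice"),
    Finding("SQLI-001", "svc/query.py", "f3", "bob"),
    Finding("HARDCODED-KEY", "app/cfg.py", "f4", "bob"),
    Finding("STYLE-SEMI", "app/db.py", "f5", "alice"),
    Finding("STYLE-SEMI", "app/util.py", "f6", "carol"),
    Finding("STYLE-SEMI", "svc/query.py", "f7", "carol"),
    Finding("STYLE-SEMI", "svc/main.py", "f8", "bob"),
]
# Revision 2: the injection and key findings were fixed, the style findings
# were left alone, and one new injection finding appeared.
REV2 = [f for f in REV1 if f.rule == "STYLE-SEMI"] + [
    Finding("SQLI-001", "svc/new.py", "f9", "dave"),
]
# Revision 3: the new injection finding was fixed; style findings persist.
REV3 = [f for f in REV2 if f.rule == "STYLE-SEMI"]


def run_example():
    """Score two revision pairs and return the tuned rule table."""
    rules = {}
    tune_rules(rules, REV1, REV2)
    tune_rules(rules, REV2, REV3)
    return rules
```

Calling `run_example()` returns the rule table after two revision pairs: `SQLI-001`, whose findings were all fixed, keeps weight 1.0; `STYLE-SEMI`, whose findings nobody touched, decays to 0.16 and is disabled; `HARDCODED-KEY` is left alone because it has too few scored findings to judge. `responsive_developers(REV1, REV2)` returns `["alice", "bob"]`, the two developers credited with at least two fixes. Two caveats a practitioner would add: match findings on a location-stable fingerprint rather than a line number, or every refactor looks like a fix; and treat persistence as evidence rather than proof of a false positive, since a team may simply be ignoring a real finding, so gate the disable step on rule severity or on human review.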
CPC classifications:
- Version control (security arrangements therefor G06F21/57); Configuration management
- Software metrics
- Analysis of software for verifying properties of programs (testing of software G06F11/3668)
- Assessing vulnerabilities and evaluating computer system security