A Smart and Defensive Human-Machine Approach to Code Analysis
Fitzroy D. Nembhard, Marco M. Carvalho

TL;DR
This paper presents a human-machine collaborative approach using virtual assistants and recommender systems to enhance static code analysis, aiming to improve security and usability for safety-critical software development.
Contribution
It introduces a novel method combining virtual assistants and recommender systems to guide programmers in selecting and applying static analysis tools effectively.
Findings
Recommender system helps select appropriate analysis tools.
Guides programmers through security best practices.
Tracks user behavior to improve recommendations.
Abstract
Static analysis remains one of the most popular approaches for detecting and correcting poor or vulnerable program code. It involves the examination of code listings, test results, or other documentation to identify errors, violations of development standards, or other problems, with the ultimate goal of fixing these errors so that systems and software are as secure as possible. There exists a plethora of static analysis tools, which makes it challenging for businesses and programmers to select a tool to analyze their program code. It is imperative to find ways to improve code analysis so that it can be employed by cyber defenders to mitigate security risks. In this research, we propose a method that employs the use of virtual assistants to work with programmers to ensure that software is as safe as possible in order to protect safety-critical systems from data breaches and other…
Taxonomy
Topics: Advanced Malware Detection Techniques · Software Engineering Research · Software Testing and Debugging Techniques
