Scanning many lines of code with SAST tools may result in hundreds or thousands of vulnerability warnings for a single application. Such scans generate many false positives, increasing investigation time and reducing trust in such tools. This is particularly the case when the tool cannot capture the context of the vulnerability.<ref name="ReferenceA"/>
Security notifications produced by static analysis tools may also not be useful to developers. A simple one-sentence description that says "there is a security issue in line X" may be as useful as a full-page notification produced by a static analysis tool. Empirical data shows that the presentation of such information can affect how developers make use of these tools.
== See also ==