Fiscal Year:
2010
Title:
Software Assurance Analysis and Visual Analytics
Agency:
DHS
Contract:
D11PC20010
Award Amount:
$749,791.00
Abstract:
To increase confidence that software is secure, researchers and vendors have developed different kinds of automated software
security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but produce massive data with many false
positives. Further, the individual tools catch different vulnerabilities, often with little overlap. The NSA tested five static code analysis
tools and found that 84% of the vulnerabilities were identified by only one tool. These results point to the need to combine and
correlate the results of multiple tools to ensure comprehensive vulnerability analysis. However, the disparate interfaces and non-normalized
results of each tool make correlation of their results taxing to the software developer. The Secure Decisions Division of
Applied Visions Inc. is developing a Software Assurance Analysis and Visual Analytics platform that integrates the results of
disparate software analysis tools into a visual environment for triage and exploration of code vulnerabilities. Software developers can
explore voluminous vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is
responsible for introducing software vulnerabilities. Visual analytics focus the user's attention on the most pressing vulnerabilities. By
correlating and normalizing data from multiple tools, the overall vulnerability detection coverage of software is increased.
Small Business Information at Submission:
Applied Visions, Inc.
6 Bayview Avenue Northport, NY -
EIN/Tax ID:
112892034
DUNS:
N/A
Number of Employees:
Woman-Owned:
No
Minority-Owned:
No
HUBZone-Owned:
No