Conclusion slide of the presentation

Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability

Our paper suggests an adapted algorithm that can report error chains between API misuses. The empirical study on 471 GitHub repositories showed that 50% of projects are affected by connected cryptographic API misuses. Further, the runtime overhead is minimal, and developers appreciate the adaptation.

March 2024 · Anna-Katharina Wickert, Michael Schlichtig, Marvin Vogel, Lukas Winter, Mira Mezini, Eric Bodden
Last slide of the talk and an overview of the work.

To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild

Empirical study of cryptographic misuses in enterprise-driven applications that identified several potential effective false positives, such as the use of hash algorithms in a non-security context. Further, we introduced a theoretical model of vulnerabilities caused by API misuses.

December 2022 · Anna-Katharina Wickert, Lars Baumgärtner, Michael Schlichtig, Krishna Narasimhan, Mira Mezini