Software Engineering Institute (SEI) Podcast Series artwork

Automated Repair of Static Analysis Alerts

Software Engineering Institute (SEI) Podcast Series

English - May 31, 2024 17:29 - 27 minutes - 33.2 MB - ★★★★★ - 18 ratings
Technology Science futuretech softwareengineering cybersecurity Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Cyber Career Pathways and Opportunities
Next Episode: Developing a Global Network of Computer Security Incident Response Teams (CSIRTs)

Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Redemption, a new open source tool from the SEI that automatically repairs common errors in C/C++ code generated from static analysis alerts, making code safer and static analysis less overwhelming.