Advancements in Automated Code Scanning Techniques for Detecting Security Vulnerabilities in Open Source Software

Authors

  • Dinesh Reddy Chittibala Salesforce Inc

DOI:

https://doi.org/10.47941/ijce.1737

Keywords:

Open Source Software, Static Analysis, Dynamic Analysis, AI, Security, Automated Code Scanning

Abstract

Purpose: This article aims to shed light on the transformative role of Open Source Software (OSS) in digital infrastructure and the accompanying security challenges. It highlights the critical need for automated code scanning technologies to address vulnerabilities stemming from coding errors, lack of secure coding practices, and the rapid development pace.

Methodology: Through a comprehensive analysis of static, dynamic, and interactive code scanning methods, along with the exploration of AI and ML integration, this study examines scalable and efficient approaches to enhance detection capabilities early in the development lifecycle.

Findings: While automated code scanning technologies have made significant strides in detecting and mitigating vulnerabilities, there remain notable research and methodology gaps, especially in technology scalability and the effectiveness of these methods.

Unique Contribution to Theory, Policy, and Practice: This article posits a forward-looking perspective on automated code scanning, advocating for intelligent, collaborative, and integrated security measures in OSS. It emphasizes the indispensable role of community collaboration and open-source contributions in advancing these technologies, crucial for the proactive identification and mitigation of security vulnerabilities, thereby safeguarding the digital ecosystem's integrity and reliability.

Author Biography

Dinesh Reddy Chittibala, Salesforce Inc

Department of Software Engineering and Security

Published

2024-03-21

How to Cite

Chittibala, D. R. (2024). Advancements in Automated Code Scanning Techniques for Detecting Security Vulnerabilities in Open Source Software. International Journal of Computing and Engineering, 5(2), 16–25. https://doi.org/10.47941/ijce.1737
