Automated Repair of Static Analysis Alerts
• Podcast
Publisher
Software Engineering Institute
DOI (Digital Object Identifier)
10.58012/pakd-5333
Abstract
Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast, David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Redemption, a new open source tool from the SEI that automatically repairs common errors in C/C++ code reported by static analysis alerts, making code safer and static analysis less overwhelming.
About the Speaker
David Svoboda
David Svoboda is a software security engineer at the CERT Division of the Software Engineering Institute. He co-authored or contributed to four books, including The SEI CERT C Coding Standard and The CERT Oracle Secure Coding Standard for Java. He also maintains the SEI CERT Coding Standards wiki and has …
Part of a Collection
Collection of Static Analysis Assets