Automating Static Analysis Alert Handling with Machine Learning: 2016-2018
Software Engineering Institute
The Software Engineering Institute's CERT Division developed tools that prioritize the alerts produced by static analysis of code, which matters when the analyzers emit far more alerts than auditors can review by hand. The tools sort alerts by automatically marking them as true or false positives, helping auditors reach consistent determinations more quickly. This presentation gives an overview of the lexicon and rules the tools apply when deciding whether an alert is flagged as true or false. It also describes the CERT Division's plans to extend the tools with machine learning classifiers that predict true and false determinations for a wider set of alerts.
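The shape of such a pipeline, as an added example written for this page: it is not the CERT Division's code, and the abstract gives no detail of its lexicon or rules, so the analyzer names, checker ids, CERT-style rule ids, the single directory-based rule, the audit history and the decision thresholds below are all constructed assumptions. The example runs a deterministic rule pass first, then a categorical naive Bayes classifier trained on earlier audit determinations, and leaves mid-confidence alerts for a human auditor rather than forcing a true/false label on them.

```python
"""Hypothetical static-analysis alert triage: fixed rules, then a learned
classifier. Constructed example; not SEI/CERT tooling."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    tool: str      # analyzer that emitted the alert (assumed names)
    checker: str   # analyzer-specific checker id (assumed names)
    rule: str      # coding rule the checker is mapped to (assumed CERT-style ids)
    path: str      # file the alert points at


def features(alert: Alert) -> Dict[str, str]:
    """Categorical features the classifier learns from. The top-level
    directory stands in for 'where in the tree the alert fires'."""
    return {
        "tool": alert.tool,
        "checker": alert.checker,
        "rule": alert.rule,
        "dir": alert.path.split("/")[0],
    }


def rule_vendor_or_test_code(alert: Alert) -> Optional[Tuple[str, str]]:
    """Assumed audit rule: alerts in vendored or test code are not audited
    as true findings. Returns (determination, reason) or None."""
    top = alert.path.split("/")[0]
    if top in ("third_party", "test"):
        return "false", f"rule:{top}-code-not-audited"
    return None


RULES = [rule_vendor_or_test_code]


class NaiveBayesTriage:
    """Naive Bayes over the categorical features above, Laplace-smoothed so
    a checker or directory never seen for one class does not zero it out."""

    def __init__(self) -> None:
        self.class_counts: Dict[str, int] = defaultdict(int)
        self.feature_counts = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
        self.values = defaultdict(set)  # distinct values seen per feature

    def fit(self, history: List[Tuple[Alert, str]]) -> "NaiveBayesTriage":
        for alert, label in history:
            self.class_counts[label] += 1
            for name, value in features(alert).items():
                self.feature_counts[label][name][value] += 1
                self.values[name].add(value)
        return self

    def p_true(self, alert: Alert) -> float:
        """Posterior probability that the alert is a true positive."""
        total = sum(self.class_counts.values())
        scores = {}
        for label, n in self.class_counts.items():
            score = n / total
            for name, value in features(alert).items():
                count = self.feature_counts[label][name][value]
                score *= (count + 1) / (n + len(self.values[name]))
            scores[label] = score
        return scores["true"] / sum(scores.values())


def triage(alerts: List[Alert], model: NaiveBayesTriage,
           low: float = 0.3, high: float = 0.7) -> List[Tuple[Alert, str, str]]:
    """Rules first; otherwise the model decides, but only outside the
    (low, high) band. Alerts inside it go to the auditor as 'undetermined'."""
    out = []
    for alert in alerts:
        hit = next((r(alert) for r in RULES if r(alert)), None)
        if hit:
            out.append((alert, hit[0], hit[1]))
            continue
        p = model.p_true(alert)
        label = "true" if p >= high else "false" if p <= low else "undetermined"
        out.append((alert, label, f"model:p_true={p:.2f}"))
    return out


# Constructed audit history (assumed tools, checkers, rules, paths, verdicts).
HISTORY = [
    (Alert("clang-sa", "NullDereference", "EXP34-C", "src/net/parse.c"), "true"),
    (Alert("clang-sa", "NullDereference", "EXP34-C", "src/io/buf.c"), "true"),
    (Alert("clang-sa", "NullDereference", "EXP34-C", "third_party/zlib/inflate.c"), "false"),
    (Alert("cppcheck", "unusedVariable", "MSC13-C", "src/net/parse.c"), "false"),
    (Alert("cppcheck", "unusedVariable", "MSC13-C", "src/io/buf.c"), "false"),
    (Alert("cppcheck", "arrayIndexOutOfBounds", "ARR30-C", "src/net/parse.c"), "true"),
    (Alert("clang-sa", "ArrayBounds", "ARR30-C", "src/io/buf.c"), "true"),
    (Alert("cppcheck", "unusedVariable", "MSC13-C", "test/test_buf.c"), "false"),
]

if __name__ == "__main__":
    model = NaiveBayesTriage().fit(HISTORY)
    new_alerts = [
        Alert("clang-sa", "NullDereference", "EXP34-C", "src/net/conn.c"),
        Alert("cppcheck", "unusedVariable", "MSC13-C", "src/io/log.c"),
        Alert("clang-sa", "NullDereference", "EXP34-C", "third_party/zlib/deflate.c"),
    ]
    for alert, label, reason in triage(new_alerts, model):
        print(f"{label:13} {reason:22} {alert.checker} {alert.path}")
```

The classifier is deliberately the simplest thing that learns from per-checker and per-location audit history; its value comes from the history, so determinations an auditor overrides should be fed back into `HISTORY` before the next run, and the `low`/`high` band should be set from measured precision on held-out audits, not chosen by hand as here.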