Please use this identifier to cite or link to this item:
Title: Empirical comparison between vulnerability detection tools
Authors: Lee, Kian Lon
Keywords: DRNTU::Engineering::Computer science and engineering
Issue Date: 2019
Abstract: Due to an increase in open source libraries usage, organizations are concern about the security risk of using open source libraries. Software Composition Analysis tool is recommended as it is an automated tool that notifies the developers when vulnerabilities in libraries are detected. However, it is difficult for developers to choose a tool that is the most suitable for their project. Each tool uses a different database and has a different approach to detect vulnerabilities. Often, developers realize the tool is not applicable for the project after using it for quite some time. This project aims to assess and compare the accuracy of Software Composition Analysis tools in different configuration environment. Project with different configuration will be used and the result will be stored. The result will be compared to see which tool the best for each project is. This project will also try to identify and understand why false positive and negative occurs.
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
  Restricted Access
1.12 MBAdobe PDFView/Open

Page view(s)

Updated on Nov 30, 2020

Download(s) 50

Updated on Nov 30, 2020

Google ScholarTM


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.