Auto saved by Logseq

This commit is contained in:
2025-06-02 17:15:13 +02:00
commit d9ea3d552d
6279 changed files with 711145 additions and 0 deletions
+24
View File
@@ -0,0 +1,24 @@
type:: [[REVIEWS]]
tags:: [[Vulnerability Detection]] [[preliminary study]]
year:: 2023
venue:: [[SATTOSE]]
full-title:: A Novel Approach for Comparing Automated [[Vulnerability Detection]] Techniques
date-start:: [[04-05-2023]] - 17:45
date-submitted:: [[04-05-2023]]
external-links::
file:: ![SATToSE_2023_paper_3.pdf](../assets/SATToSE_2023_paper_3_1683215144921_0.pdf)
status:: [[DONE]]
- [[Highlights]]
- ((6453d7aa-f4f2-4827-8e44-8301495c66c8))
- Can be defined once for all?
-
- [[Comments]]
- The [[paper]] presents a research plan to compare automated tools for vulnerability detection. The goal is providing decision-makers with factual elements that can help the selection of the tool that best fit the particular problem at hand.
- The [[paper]] is a research plan and consequently does not go further the [[definition]] of the research questions and drawing perspective actions that [[authors]] will undertake to perform the study. In this respect, I think the [[paper]] can benefit some discussions during the [[WORKSHOP]] so that the plan can be refined [[by]] leveraging on the points that will be discussed during the event.
- As minor point, I suggest the [[authors]] to consider the possibility of envisioning a flexible comparison system that can be configured [[by]] the final users that want to perform the comparison. For instance, for some the rate of analyzed components can be less important than the discovery rate of vulnerabilities of the analysed tools. Thus, it can be interesting to envision the possibility of definying custom quality [[MODELS]] that can be automatically assessed accoding to the [[definition]] of quality that the users can specify for the specific comparision sessions.
- RIVISTA
- In the paper, a research plan is presented that aims to compare automated tools for detecting vulnerabilities. The objective is to furnish decision-makers with factual information that can guide them in selecting the most suitable tools for a given vulnerability detection problem.
- The paper is a research plan and consequently does not go further than the definition of the research questions and drawing perspective actions that authors will undertake to perform the study. In my opinion, the plan makes very much sense even though it can benefit potential discussions during the workshop.
- As minor point, the authors should consider the possibility of envisioning a flexible comparison system that can be configured by the final users that want to perform the comparison. For instance, for some, the rate of analyzed components can be less important than the discovery rate of vulnerabilities of the analyzed tools. Thus, it can be interesting to envision the possibility of defining custom quality models that can be automatically assessed according to the definition of quality that the users can define for the specific comparison sessions.
- I suggest removing the term "Novel" from the title since the paper does not emphasize any new elements "process wise".