Why SecuCheck?

Static code analysis is a technique for detecting security vulnerabilities at implementation time. However, studies show that developers reject static analysis tools because they find them hard to configure to operate efficiently in their application context. With their default parameters, most tools produce a high number of false warnings while missing vulnerabilities that may be important, which demotivates developers. The goal of this project is to reduce the gap between static analysis and software development, thereby improving the user experience of static analysis tools.

Results

There aren't any results yet, but project updates can be seen on Twitter.

Team

Goran Piskachev

Project Lead

Prof. Eric Bodden

Research Advisor

Ingo Budde

Developer

Jan-Niclas Strüwer

Developer

Oshando Johnson

Developer

Ashish Shukla

Developer

Johannes Späth

Consultant

Partners

Funded by

Contact

Goran Piskachev
Fraunhofer IEM Institute for Mechatronic Systems Design
Department Software Engineering and IT-Security
Zukunftsmeile 1
33102 Paderborn

e-Mail: