Abstract:
The need to raise labor productivity when analyzing (marking up) the results of an automated vulnerability search performed with a SAST (Static Application Security Testing) tool runs into a shortage, on the market, of highly qualified analysts able to mark up those results. The paper describes a technique, developed by the authors, for finding vulnerabilities in software written in several programming languages (C, C++, Java, Python, Go). During its development, an analysis was carried out of all detectors that operate automatically on programs in these languages and of the elements of program structure they examine. The detectors are ordered according to the regulator's classification. Applying the methodology makes it possible to lower the qualification requirements for analysts performing the markup and to train such specialists within software development companies.
Keywords: vulnerability, static analysis of programs, detector, markup, qualification requirements