Static Security Vulnerability Scanning of Proprietary and Open-Source Software: An Adaptable Process with Variants and Results

📅 2025-09-21
📈 Citations: 0
Influential: 0
📄 PDF

career value

178K/year
🤖 AI Summary
To address the challenges of identifying static security vulnerabilities in proprietary and open-source software, unclear vulnerability remediation priorities, and escalating software supply chain risks, this paper proposes an end-to-end, customizable Static Application Security Testing (SAST) workflow. The workflow enables multi-tool orchestration, iterative scanning, and seamless DevSecOps integration, incorporating AI-driven vulnerability prioritization and automated remediation governance as key innovations. Leveraging a generalized process design with environment-adaptive configuration, it significantly improves detection coverage and remediation efficiency. Experimental evaluation in industrial settings demonstrates that the approach reduces source-code-level vulnerabilities by 32.7%, mitigates third-party component–introduced risks by 41.5%, and ensures backward compatibility with legacy systems while supporting scalable deployment across heterogeneous environments.

Technology Category

Application Category

📝 Abstract
Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the technological environment. In this paper an end-to-end process with supporting methods and tools is presented. This industry proven generic process allows for the custom instantiation, configuration, and execution of routinized code scanning for software vulnerabilities and their prioritized remediation. A select set of tools are described for this key DevSecOps function and placed into an iterative process. Examples of both industrial proprietary applications and open-source applications are provided including specific vulnerability instances and a discussion of their treatment. The benefits of each selected tool are considered, and alternative tools are also introduced. Application of this method in a comprehensive SDLC model is also reviewed along with prospective enhancements from automation and the application of advanced technologies including AI. Adoption of this method can be achieved with minimal adjustments and with maximum flexibility for results in reducing source code vulnerabilities, reducing supply chain risk, and improving the security profile of new or legacy solutions.
Problem

Research questions and friction points this paper is trying to address.

Developing adaptable process for scanning proprietary and open-source software vulnerabilities
Creating configurable DevSecOps workflow for prioritized vulnerability remediation
Reducing source code vulnerabilities and supply chain risks in SDLC
Innovation

Methods, ideas, or system contributions that make the work stand out.

Adaptable end-to-end process for vulnerability scanning
Custom instantiation of routinized code scanning
Iterative DevSecOps integration with tool flexibility
🔎 Similar Papers
J
James J. Cusick
Dept. of Electronic and Computer Engineering, Ritsumeikan University, Kusatsu, Shiga, Japan