Hacker News
by asadeddin 632 days ago
I would redefine it a bit.

Reliable = deterministic

Accurate? Not at all. Studies show that ~30% of findings are false positive. We've also seen that with the companies we work with because we built a false positive detection feature in Corgea. There's another ~60% of issues that are false negative. https://personal.utdallas.edu/~lxz144130/publications/icst20...

We combine static analysis + LLMs to do better detection, triaging and auto-fixing because static analysis alone is broken in many ways.