Source Code Static Analyzer Tool

Coverity's Prevent product claims that it "reduces false positives while minimizing the likelihood of false negatives".

Related terms include true positive, false positive, true negative and false negative. These terms are used widely for diagnostic testing tools, including code analysis tools, computer virus detectors, firewalls and intrusion detection systems, and biological virus tests in hospitals.

The following definitions come from the NIST publication Source Code Security Analysis Tool Functional Specification Version 1.0 [1]:
false negative: When a tool does not report a weakness where one is present. If the tool does not claim to identify a certain class of weakness, not reporting a weakness of that class is not a false negative.
That is, a missed report: a weakness that exists but is not reported.
Also called a Type I error.

false positive: When a tool reports a weakness where no weakness is present.
That is, a spurious report: the reported weakness does not actually exist.
Also called a Type II error.

false positive rate: The number of false positives divided by the sum of the number of false positives and the number of true positives.
false positive rate = false positives / (false positives + true positives)

true positive: When a tool reports a weakness where one is present.
That is, a correct report: the reported weakness really exists.

Reference [2] also gives the following definitions:
Condition present + Positive result = True Positive
Condition absent + Positive result = False Positive
Condition present + Negative result = False (invalid) Negative
Condition absent + Negative result = True (accurate) Negative
and presents statistical properties such as Bayes's theorem.
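The following added example (not from the NIST specification or from any real tool) scores a hypothetical analyzer's findings against a constructed set of known weakness sites, applying the NIST rule that a missed weakness of a class the tool never claimed to detect is not a false negative, and computing the false positive rate exactly as the specification defines it (FP / (FP + TP)). Weakness classes, file names and line numbers are all made up.

```python
from typing import Dict, Optional, Set, Tuple

# A weakness site is (file, line, weakness class). All values below are constructed.
Site = Tuple[str, int, str]

def score_tool(reports: Set[Site], truth: Set[Site],
               claimed_classes: Set[str], sites_examined: int) -> Dict[str, int]:
    """Count TP/FP/FN/TN for one tool run against known ground truth.

    Per NIST SP 500-268, a missed weakness only counts as a false negative
    if the tool claims to detect that weakness class.
    """
    tp = reports & truth                  # reported and really present
    fp = reports - truth                  # reported but nothing is there
    missed = truth - reports              # present but not reported
    fn = {s for s in missed if s[2] in claimed_classes}
    out_of_scope = missed - fn            # missed, but class never claimed: not an FN
    # Every examined site that is neither a real weakness nor reported is a TN.
    tn = sites_examined - len(truth | reports)
    return {"TP": len(tp), "FP": len(fp), "FN": len(fn), "TN": tn,
            "out_of_scope_misses": len(out_of_scope)}

def nist_false_positive_rate(counts: Dict[str, int]) -> Optional[float]:
    """FP / (FP + TP) as the NIST spec defines it; None if the tool reported nothing.

    Note this is 1 - precision, not the FP / (FP + TN) rate used in statistics.
    """
    denom = counts["FP"] + counts["TP"]
    return None if denom == 0 else counts["FP"] / denom

# Constructed sample data for a hypothetical tool run.
CLAIMED = {"buffer-overflow", "sql-injection"}
TRUTH: Set[Site] = {
    ("a.c", 10, "buffer-overflow"),
    ("a.c", 42, "buffer-overflow"),
    ("b.c", 7, "sql-injection"),
    ("c.c", 3, "race-condition"),    # class the tool never claimed to find
}
REPORTS: Set[Site] = {
    ("a.c", 10, "buffer-overflow"),  # true positive
    ("b.c", 7, "sql-injection"),     # true positive
    ("d.c", 99, "buffer-overflow"),  # false positive: nothing is there
}

if __name__ == "__main__":
    counts = score_tool(REPORTS, TRUTH, CLAIMED, sites_examined=20)
    print(counts)
    print("NIST false positive rate:", nist_false_positive_rate(counts))
```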

References:
[1] Source Code Security Analysis Tool Functional Specification Version 1.0, NIST Special Publication 500-268, http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf

[2] Type I and type II errors, http://en.wikipedia.org/wiki/Type_I_and_type_II_errors
