Querying detailed whole-program representations with 100+mil LOC on commodity hardware

When designing feature-rich whole-program graph representations, a core conflict exists between the desire to model as many aspects of the program as possible and that of keeping the graph small enough for timely processing on commodity hardware. This article outlines techniques that help deal with this dilemma, making it possible ...
Beating the OWASP Benchmark

TL;DR: Today, we present the results of evaluating ShiftLeft’s static analysis pipeline on the OWASP benchmark, where we achieve a true positive rate of 100% at 25% false positives. With a resulting Youden Index of 75%, this makes our analysis the best in class, beating the commercial average by 45%, ...
Save Joern — Open Source at ShiftLeft

TL;DR: We want the technology developed at ShiftLeft to benefit open security projects and the security research community as much as possible. Therefore, we are planning to open-source our semantic code property graph and its query language in the coming months, and integrate the open-source C/C++ code analyzer “Joern” (http://mlsec.org/joern/) ...