Research: Correlation technology & applicability for SAST
Problem to solve
SAST can report multiple vulnerabilities and issues that all come from the same place in code. This increases the number of results that a user must then sort through, which can be time-consuming and difficult.
Proposal
Research how we can apply the correlation technology from Fuzzit to SAST results, either to de-duplicate results or to link together vulnerabilities that come from the same source. If we can tie multiple vulnerabilities to the same place in the code, research how we could do bulk remediation / updates.
Edited by Sam Kerr