Abstract: Disclosed systems and methods identify a data record set and determine whether one or more predetermined conditions exist for triggering analysis of one or more records in the data record set. Disclosed embodiments trigger the analysis only in response to determining that the predetermined conditions have been met. Upon triggering the analysis of the data record set, disclosed embodiments identify a subset of the data record set to undergo the analysis while refraining from performing the analysis on the remaining records in the data record set. Further, embodiments identify an analysis model based on a level of analysis to be performed and apply the analysis model to the subset of the data record set to identify any presence of sensitive data. Lastly, disclosed embodiments selectively perform a security process to the data record set in response to detecting the presence of the sensitive data.

Abstract: Techniques for (i) using contextual information associated with an exposed credential to identify a resource that could be accessed using the exposed credential, (ii) identifying a responsible entity of that resource, and (iii) alerting the responsible entity about the exposed credential are disclosed. A credential is determined to be in an exposed state. The exposed credential, if used, could potentially provide an actor access to a resource, despite the fact that the actor should not have access to the resource. The exposed credential is analyzed to determine a context. Based on that context, the resource is identified. A responsible entity associated with the resource is identified. An alert is then sent to that entity.

Abstract: Static analysis of a code base is expanded beyond finding faults to also find code instances where a particular fault could have occurred but did not. A conformance count reflects code portions that satisfy a specified coding rule per static analysis, and a nonconformance count reflects code portions that do not satisfy the coding rule. Various metrics computed from the conformance count and nonconformance count drive software development quality assessments. For example, bugs or bug categories may be prioritized for developer attention, static analysis tools are evaluated based on the metrics, to reduce noise by eliminating low-value bug alerts. Particular areas of expertise of developers and developer groups are objectively identified. Source code editors are enhanced to provide specific recommendations in context. Other quality enhancements are also provided.

Abstract: Techniques for identifying an exposed credential that, if used, would provide access to a resource are disclosed. The techniques enable the resource to remain online while (i) a new credential is allocated for the resource, (ii) the resource is transitioned to using the new credential instead of the exposed credential, and (iii) the exposed credential is attempted to be invalidated. A credential is accessed. This credential is suspected of being in an exposed state. The credential is accessible from within an artifact and is determined to be in the exposed state. A new credential is generated. This new credential is designed to replace the exposed credential. An instruction is transmitted to the resource to cause it to transition from using the exposed credential to using the new credential. The exposed credential is then invalidated.

Abstract: Techniques for (i) using contextual information associated with an exposed credential to identify a resource that could be accessed using the exposed credential, (ii) identifying a responsible entity of that resource, and (iii) alerting the responsible entity about the exposed credential are disclosed. A credential is determined to be in an exposed state. The exposed credential, if used, could potentially provide an actor access to a resource, despite the fact that the actor should not have access to the resource. The exposed credential is analyzed to determine a context. Based on that context, the resource is identified. A responsible entity associated with the resource is identified. An alert is then sent to that entity.

Abstract: Static analysis of a code base is expanded beyond finding faults to also find code instances where a particular fault could have occurred but did not. A conformance count reflects code portions that satisfy a specified coding rule per static analysis, and a nonconformance count reflects code portions that do not satisfy the coding rule. Various metrics computed from the conformance count and nonconformance count drive software development quality assessments. For example, bugs or bug categories may be prioritized for developer attention, static analysis tools are evaluated based on the metrics, to reduce noise by eliminating low-value bug alerts. Particular areas of expertise of developers and developer groups are objectively identified. Source code editors are enhanced to provide specific recommendations in context. Other quality enhancements are also provided.

Abstract: The use of a static analysis for configuring a follow-on dynamic analysis for the evaluation of program code is provided. A request may be received for configuring a static analysis session for the evaluation of the program code. The static analysis may be executed and an output may be produced therefrom. The output may be analyzed to determine whether a dynamic analysis is needed for resolving code ambiguities in the program code. If it determined that the dynamic analysis is needed, then the dynamic analysis of the program code is initiated.