Just published in International Journal on Software Tools for Technology Transfer: Pietro Ferrara, Amit Kr Mandal, Agostino Cortesi, Fausto Spoto: “Static analysis for discovering IoT vulnerabilities”.
In this paper we discuss how IoT vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. We present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. More info here: https://link.springer.com/article/10.1007/s10009-020-00592-x.