NIST logo

Publication Citation: Of Massive Static Analysis Data

NIST Authors in Bold

Author(s): Aurelien M. Delaitre; Vadim Okun; Elizabeth N. Fong;
Title: Of Massive Static Analysis Data
Published: June 20, 2013
Abstract: Static analysis produces large amounts of data. The volume of data allows for new developments in research. Practical observations of the effectiveness of static analysis tools can be derived from that data. The question of tool statistical independence can also find preliminary answers. Effectiveness and independence are the key concepts to answer the one question tool users ask: which tool or set of tools should I use to meet my needs? The Software Assurance Metrics and Tool Evaluation (SAMATE) project at NIST has accumulated and published large amounts of relevant data, during four Static Analysis Tool Expositions (SATE). This collection allowed for the development and validation of practical metrics, in regard to static analysis tool effectiveness and independence. In this paper, we discuss the role of the data in determining which metrics can be derived.
Proceedings: Software Security and Reliability (SERE) 2013
Location: Gaithersburg, MD
Dates: June 18-20, 2013
Keywords: software metrics; static analysis tools; security weaknesses; tool effectiveness; tool independence
Research Areas: Threats & Vulnerabilities, Statistics, Software Testing Metrics