Spotlight: Static Analysis Tool Expositions Article Published in Journal of Cyber Security and Information Systems

Members of ITL’s Software and Systems Division published an article in the Journal of Cyber Security and Information Systems(link is external) that discusses the authors’ experiences with static analyzers, which are software used to find security-relevant weaknesses in source code. Starting in 2008, the scientists have conducted five collaborative efforts with makers of static analyzers. Through these efforts, called Static Analysis Tool Expositions (SATEs), participating makers run their static analyzers on a set of programs, and then researchers led by NIST analyze the tool reports. The analysis report is made publicly available later. In this article, the authors describe the fifth SATE and their plans for the sixth SATE