, C.
, Fong, E.
and Black, P.
(2017),
Impact of Code Complexity On Software Analysis, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8165
(Accessed October 8, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Impact of Code Complexity On Software Analysis
Published
Author(s)
, ,
Abstract
The Software Assurance Metrics and Tool Evaluation (SAMATE) team evaluated approximately 800 000 warnings from static analyzers.We learned that elements that we call code complexities make the detection of warnings more difficult. Most tools cannot not distinguish between the absence of a weakness and the presence of a weakness. That has been obscured in the code. This paper presents classes of code complexities. Understanding code complexity can assist in the development of coding guidelines for assuring that software is fully analyzable by static analyzers.Citation
NIST Interagency/Internal Report (NISTIR) - 8165
Report Number
8165
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
code complexity, test cases, static source code scanner, vulnerability, software assurance
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created February 9, 2017, Updated May 4, 2021