Static analysis produces large amounts of data. The volume of data allows for new developments in research. Practical observations of the effectiveness of static analysis tools can be derived from that data. The question of the statistical independence of tools can also find preliminary answers. Effectiveness and independence are the key concepts for answering the one question tool users ask: which tool or set of tools should I use to meet my needs? The Software Assurance Metrics and Tool Evaluation (SAMATE) project at NIST has accumulated and published large amounts of relevant data during four Static Analysis Tool Expositions (SATE). This collection allowed for the development and validation of practical metrics for static analysis tool effectiveness and independence. In this paper, we discuss the role of the data in determining which metrics can be derived.
Proceedings Title: Software Security and Reliability (SERE) 2013
Conference Dates: June 18-20, 2013
Conference Location: Gaithersburg, MD
Pub Type: Conferences
Keywords: software metrics, static analysis tools, security weaknesses, tool effectiveness, tool independence