Impact of Code Complexity On Software Analysis

Charles Daniel De Oliveira; Elizabeth N. Fong; Paul E. Black

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Impact of Code Complexity On Software Analysis

Published

February 9, 2017

Author(s)

Charles Daniel De Oliveira, Elizabeth N. Fong, Paul E. Black

Abstract

The Software Assurance Metrics and Tool Evaluation (SAMATE) team evaluated approximately 800 000 warnings from static analyzers.We learned that elements that we call code complexities make the detection of warnings more difficult. Most tools cannot not distinguish between the absence of a weakness and the presence of a weakness. That has been obscured in the code. This paper presents classes of code complexities. Understanding code complexity can assist in the development of coding guidelines for assuring that software is fully analyzable by static analyzers.

Citation

NIST Interagency/Internal Report (NISTIR) - 8165

Report Number

8165

NIST Pub Series

NIST Interagency/Internal Report (NISTIR)

Pub Type

NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.IR.8165

Keywords

code complexity, test cases, static source code scanner, vulnerability, software assurance

Cybersecurity and Software testing

Citation

, C. , Fong, E. and Black, P. (2017), Impact of Code Complexity On Software Analysis, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8165 (Accessed April 19, 2024)

Created February 9, 2017, Updated May 4, 2021

Impact of Code Complexity On Software Analysis

Author(s)

Abstract

Download Paper

Keywords

Citation

Additional citation formats