Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Impact of Code Complexity On Software Analysis



Charles D. De Oliveira, Elizabeth Fong, Paul E. Black


The Software Assurance Metrics and Tool Evaluation (SAMATE) team studied thousands of warnings from static analyzers. Tools have difficulty distinguishing between the absence of a weakness and the presence of a weakness that is buried in otherwise-irrelevant code elements. This paper presents classes of these code elements, which we call "code complexities." They have been present in software assurance as part of test cases generation strategy when evaluating static analyzers. Benefits of using code complexity include the development of coding guidelines, boosting diversification of test cases.
NIST Interagency/Internal Report (NISTIR) - 8165-upd1
Report Number


code complexity, test cases, static source code scanner, vulnerability, software assurance


De Oliveira, C. , Fong, E. and Black, P. (2023), Impact of Code Complexity On Software Analysis, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online],, (Accessed April 20, 2024)
Created February 23, 2023