Impact of Code Complexity On Software Analysis

Published

Author(s)

Charles D. De Oliveira, Elizabeth Fong, Paul E. Black

Abstract

The Software Assurance Metrics and Tool Evaluation (SAMATE) team studied thousands of warnings from static analyzers. Tools have difficulty distinguishing between the absence of a weakness and the presence of a weakness that is buried in otherwise-irrelevant code elements. This paper presents classes of these code elements, which we call "code complexities." They have been present in software assurance as part of test case generation strategy when evaluating static analyzers. Benefits of using code complexity include the development of coding guidelines and boosting diversification of test cases.

Citation

NIST Interagency/Internal Report (NISTIR) - 8165-upd1

Report Number

8165-upd1

Keywords

code complexity, test cases, static source code scanner, vulnerability, software assurance

Citation

De Oliveira, C., Fong, E. and Black, P. (2023), Impact of Code Complexity On Software Analysis, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8165-upd1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=936229 (Accessed December 13, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created February 23, 2023