Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Impact of Code Complexity On Software Analysis

Published

Author(s)

Charles D. De Oliveira, Elizabeth Fong, Paul E. Black

Abstract

The Software Assurance Metrics and Tool Evaluation (SAMATE) team studied thousands of warnings from static analyzers. Tools have difficulty distinguishing between the absence of a weakness and the presence of a weakness that is buried in otherwise-irrelevant code elements. This paper presents classes of these code elements, which we call "code complexities." They have been present in software assurance as part of test cases generation strategy when evaluating static analyzers. Benefits of using code complexity include the development of coding guidelines, boosting diversification of test cases.
Citation
NIST Interagency/Internal Report (NISTIR) - 8165-upd1
Report Number
8165-upd1

Keywords

code complexity, test cases, static source code scanner, vulnerability, software assurance

Citation

De Oliveira, C. , Fong, E. and Black, P. (2023), Impact of Code Complexity On Software Analysis, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8165-upd1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=936229 (Accessed March 29, 2024)
Created February 23, 2023