Of Massive Static Analysis Data

Published

Author(s)

Aurelien M. Delaitre, Vadim Okun, Elizabeth N. Fong

Abstract

Static analysis produces large amounts of data. The volume of data allows for new developments in research. Practical observations of the effectiveness of static analysis tools can be derived from that data. The question of tool statistical independence can also find preliminary answers. Effectiveness and independence are the key concepts to answer the one question tool users ask: which tool or set of tools should I use to meet my needs? The Software Assurance Metrics and Tool Evaluation (SAMATE) project at NIST has accumulated and published large amounts of relevant data, during four Static Analysis Tool Expositions (SATE). This collection allowed for the development and validation of practical metrics, in regard to static analysis tool effectiveness and independence. In this paper, we discuss the role of the data in determining which metrics can be derived.
Proceedings Title
Software Security and Reliability (SERE) 2013
Conference Dates
June 18-20, 2013
Conference Location
Gaithersburg, MD

Keywords

software metrics, static analysis tools, security weaknesses, tool effectiveness, tool independence

Citation

Delaitre, A., Okun, V. and Fong, E. (2013), Of Massive Static Analysis Data, Software Security and Reliability (SERE) 2013, Gaithersburg, MD (Accessed May 26, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 20, 2013, Updated May 4, 2021