The Software Assurance Metrics and Tool Evaluation (SAMATE) team studied thousands of warnings from static analyzers. Tools have difficulty distinguishing between the absence of a weakness and the presence of a weakness that is buried in otherwise-irrelevant code elements. This paper presents classes of these code elements, which we call "code complexities."
They have been present in software assurance as part of test case generation strategies for evaluating static analyzers. The benefits of using code complexities include developing coding guidelines and boosting the diversification of test cases.