Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Impact of Code Complexity On Software Analysis

Published

Author(s)

Charles Daniel De Oliveira, Elizabeth N. Fong, Paul E. Black

Abstract

The Software Assurance Metrics and Tool Evaluation (SAMATE) team evaluated approximately 800 000 warnings from static analyzers.We learned that elements that we call “code complexities” make the detection of warnings more difficult. Most tools cannot not distinguish between the absence of a weakness and the presence of a weakness. That has been obscured in the code. This paper presents classes of code complexities. Understanding code complexity can assist in the development of coding guidelines for assuring that software is fully analyzable by static analyzers.
Citation
NIST Interagency/Internal Report (NISTIR) - 8165
Report Number
8165

Keywords

code complexity, test cases, static source code scanner, vulnerability, software assurance

Citation

, C. , Fong, E. and Black, P. (2017), Impact of Code Complexity On Software Analysis, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8165 (Accessed October 31, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created February 9, 2017, Updated May 4, 2021