Vadim Okun, William F. Guthrie, Romain Gaucher, and Paul E. Black, Effect of Static Analysis Tools on Software Security: Preliminary Investigation, QoP '07: Proc. 2007 ACM Workshop on Quality of Protection, Program Chairs Günter Karjoth and Ketil Stølen, ACM, 2007.

Presented at Third Workshop on Quality of Protection, 29 October 2009.

    Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security?
    We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulnerability reports in the National Vulnerability Database.

Get the paper in PDF (217k).

This page's URL is /~black/Papers/saToolEffectQoP07.html

Updated Thu Mar 19 09:28:07 2009

by Paul E. Black  (

Go to Black's papers or NIST home page.