Detecting the Beep Vulnerability with CodeSonar

The linux beep utility is a small utility command to literally send a tone to the user’s speaker. A subtle error in the...

Using Dynamic Metrics with Static Analysis

GrammaTech CodeSonar is primarily a static analysis tool, but there are some circumstances where it is useful to present...

The Economics of Static Analysis Tool Usage

INTRODUCTION:

The most effective tool is one that reports a good number of true positives, without too many false...

Human Factors in Evaluating Static Analysis Tools

INTRODUCTION:

Advanced static analysis tools are popular because they have proven effective at finding serious programming...

The Minefields of MISRA Coverage

INTRODUCTION:

Modern static analysis tools are typically used for two main purposes: finding bugs, and finding violations...