Evaluating Static Source Code Analysis Tools
This thesis presents the results of an evaluation of static source code analyzers. Such tools are an inexpensive, efficient and fast way of removing the most common vulnerabilities from a software project, even though not all security flaws can be detected by them. The evaluation was conducted at CERN, the European Organization for Nuclear Research, with the intent of providing its programmers with a list of dedicated software verification / static source code analysis tools, with particular focus on tools that find security flaws efficiently. The evaluation covered close to thirty different tools for the major programming languages.
Files: ESSCAT-report.pdf (open access, 646.38 KB, Adobe PDF, MD5 97a7857427094c8a0d40dd1b9419ab48)
Files: ESSCAT-report-for-printing.pdf (open access, 649.61 KB, Adobe PDF, MD5 53637b49affa1c173d5ede50830c454a)