Abstract

This paper presents a framework for evaluating the quality of static code analysis (SCA) tools with respect to different software engineering metrics. The framework supports up to 38 software engineering metrics. We applied the framework to both open-source and commercially available SCA tools. Our experimental results show that software engineering metrics such as cyclomatic complexity, fan-out, knots, and essential complexity can affect a static code analysis tool's ability to identify potential vulnerabilities in source code.
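Two of the metrics the abstract names, cyclomatic complexity and fan-out, are easy to compute from a parse tree, and doing so on a small sample makes concrete what "a function with higher complexity" means when comparing SCA results. The following is an added illustration, not code from the paper or its framework; the sample module, the function names and the metric implementation (McCabe decision-point counting, fan-out as the number of distinct callees) are assumptions made for this example.

```python
import ast

# Constructed sample module (not from the paper): two functions that both
# open a caller-supplied path, one straight-line and one with guards.
SAMPLE_SOURCE = '''
import os

def read_simple(name):
    return open(name).read()

def read_guarded(name, allowed):
    if name is None:
        return None
    for a in allowed:
        if a == name and os.path.exists(name):
            try:
                return open(name).read()
            except OSError:
                return None
    return None
'''

# AST node types that open a new decision branch (McCabe style).
_BRANCH_NODES = (ast.If, ast.For, ast.While, ast.IfExp, ast.ExceptHandler)


def cyclomatic_complexity(func: ast.FunctionDef) -> int:
    """McCabe cyclomatic complexity: 1 + number of decision points."""
    cc = 1
    for node in ast.walk(func):
        if isinstance(node, _BRANCH_NODES):
            cc += 1
        elif isinstance(node, ast.BoolOp):
            # `a and b and c` short-circuits: each extra operand is a branch.
            cc += len(node.values) - 1
        elif isinstance(node, ast.comprehension):
            cc += 1 + len(node.ifs)
    return cc


def _callee_name(node: ast.AST) -> str:
    """Render a call target as dotted text, e.g. os.path.exists."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return _callee_name(node.value) + "." + node.attr
    # Calls on arbitrary expressions (e.g. open(name).read) are still counted.
    return "<expr>"


def fan_out(func: ast.FunctionDef) -> int:
    """Fan-out: number of distinct call targets referenced by the function."""
    callees = {
        _callee_name(node.func)
        for node in ast.walk(func)
        if isinstance(node, ast.Call)
    }
    return len(callees)


def analyze(source: str) -> dict:
    """Return {function_name: {"cyclomatic": int, "fan_out": int}} for a module."""
    tree = ast.parse(source)
    return {
        node.name: {
            "cyclomatic": cyclomatic_complexity(node),
            "fan_out": fan_out(node),
        }
        for node in tree.body
        if isinstance(node, ast.FunctionDef)
    }


if __name__ == "__main__":
    for name, metrics in analyze(SAMPLE_SOURCE).items():
        print(f"{name}: {metrics}")
```

Both sample functions contain the same `open(name)` sink, but `read_guarded` carries a higher cyclomatic complexity and fan-out; computing these per function is the first step in correlating a tool's findings (or missed findings) with the metrics the paper evaluates.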
