Static code analysis is a technology for detecting various security vulnerabilities at implementation time. However, studies show that developers reject static analysis tools because they find them hard to configure to operate efficiently in their application context. With their default parameters, most tools produce a high number of false warnings while missing vulnerabilities that may be important, which demotivates developers. The goal of this project is to reduce the gap between static analysis and software development, thereby improving the user experience of static analysis tools.
There aren't any results as yet, but project updates can be seen on Twitter.
Fraunhofer IEM Institute for Mechatronic Systems Design
Department Software Engineering and IT-Security