Comparing Static Security Analysis Tools Using Open Source Software

Abstract

Software vulnerabilities present a significant impediment to the safe operation of many computer applications, both proprietary and open source. Fortunately, many static analysis tools exist to identify potential security issues. We present the results of evaluating multiple subsets of open source code for common software vulnerabilities using several such static security analysis tools. These results aid other developers in better discerning which tools to use in evaluating their own programs for security vulnerabilities.