SCALe: Evaluating Source Code for Adherence to Secure Coding Standards

Brochure
SCALe helps analysts be more efficient and effective at auditing source code for security flaws.
Publisher

Software Engineering Institute

Abstract

Experience shows that most software contains coding flaws that lead to vulnerabilities. Static analysis tools produce a large number of alerts with high false-positive rates that an engineer must painstakingly examine to find legitimate flaws. Researchers in the SEI's CERT Division have developed SCALe—Source Code Analysis Laboratory—to help analysts be more efficient and effective at auditing source code for security flaws.