(NIST: Gaithersburg, MD) -- If the shiny new software on your computer or mobile phone runs without crashing, you may have another computer program to thank—a static analyzer. Static analyzers try to find weaknesses in other programs that could be triggered accidentally or exploited by hackers. A new report by the National Institute of Standards and Technology (NIST) documents the Static Analysis Tool Exposition (SATE), an exercise by NIST and static analyzer vendors to improve the performance of these tools.
The report is the culmination of a lengthy effort to host and then digest the results of SATE, begun in February 2008 to help toolmakers assess their products’ ability to find security defects in other software. Eight tool developers, along with a ninth team of professional reviewers, participated in SATE, which provided a noncompetitive environment for the vendors to compare their program analysis techniques for the benefit of the entire group.
…