Posts Tagged ‘False Positives’

  • Perceptual False Positives

    on Mar 13, 12 • by Alen Zukich • with 2 Comments

    As any static analysis or source code analysis vendor will tell you, false positives are a way of life.  As any user will tell you, false positives suck!  So what do you do about them?  Make the tools better at finding the real issues and provide automated filtering capabilities.  But I’m not here to talk about false positives where the tool is utterly wrong.  What I want to talk about today is what I call “perceptual false positives”. I’ve had discussions with customers where they tell me 80% of all their defects are false.  Odd,

  • To report, or not to report…

    on Jun 6, 11 • by Gwyn Fisher • with No Comments

    Creating a source code analysis (SCA) engine is a balancing act, a decision process of where you believe the most value can be found along the spectrum that is the signal-to-noise ratio of the detection process. At one end lies the realm of massive noise and hopefully complete coverage, whilst at the other is the quiet calm of the theoretically useful but ultimately useless realm of no noise, but ultimately no signal either. That may sound counter-intuitive. Shouldn’t a zero noise point on the spectrum be accompanied by an infinitely strong signal? Perhaps in the

  • False positives in modern static analyzers

    on May 22, 09 • by Alen Zukich • with 1 Comment

    In response to Jason’s post about false positives: first of all, there is a general misconception about false positives. Modern static source code analysis tools have changed the game. This is not the Lint tool of the past; a focus on deep inter-procedural technology has placed the requirement that static tools today produce more real issues than false reports. With that said, Jason is right: large code bases that have never run static analysis will produce a large number of issues no matter how accurate the analysis is. Even though static analysis tools do provide a number of
