Software Engineering Institute

As automated static analysis tools identify more kinds of code flaws, the number of reported flaws (alerts) is increasing. Validation and repair of flaws discovered by static analysis requires manual effort from auditors and coders, a limited resource in every organization. In this work, we created a method to automatically classify and prioritize alerts that minimizes manual effort to address the large volume of alerts.