Evaluating Static Source Code Analysis Tools

This thesis presents the results of an evaluation of source code analyzers. Such tools constitute an inexpensive, efficient and fast way of removing the most common vulnerabilities in a software project, even though not all security flaws can be detected. This evaluation was conducted at CERN, the European Organization for Nuclear Research, in the intent of providing its programmers with a list of dedicated software verification/static source code analysis tools. Particular focus of these tools should be on efficiently finding security flaws. The evaluation covered close to thirty different tools for the major programming languages.