Static Analysis (SA) tools are a widely used and routine part of testing by DoD and commercial organizations. Validating and repairing defects
discovered by SA tools can require more human effort from auditors and
coders than organizations have available. Since 2016, researchers in the
SEI CERT Division have been developing a method to automatically classify and prioritize
alerts (warnings) and meta-alerts (alerts about code flaws or
conditions) to help auditors and coders address large volumes of
information with less effort. The purpose of our research has been to
enable practical automated classification, so that all meta-alerts can be addressed.