This is a stub of a page.
These are comments from Unknown User (lflynn), suggesting more description of capabilities and limits of automated detection:
I think it would be very useful for readers of the standards to discuss types (and limits!) of automated detection here. Specifically, in much nicer wording, to discuss:
There are three types of problems that static analysis can analyze for: 1) syntactic; 2) semantic; and 3) dependent on the intention of the programmer. Automatic detection can be 100% correct for #1; for #2 it can do well but cannot guarantee 100% because of the Halting Problem (cite Rice's Theorem); for #3 there are attempts to intuit programmer intent (e.g., the ACR (automatic code repair) project, which tries to know what the programmer intended, and one static analysis tool that provides an alert if, 4 of 5 times, you check a function's return value for null: it gives an error value if you forget to check for null, inferring programmer intent from the other return-value checks). Another example: if a variable is called "password", one tool assumes that it is sensitive.
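As an added illustration of the third category (inferring programmer intent), the following small analyzer implements the "4 of 5 return-value checks" heuristic over Python source. It is written for this page and is not code from any tool or project mentioned in the comment; the 0.8 threshold, the sample `handler`/`lookup` code and the set of recognised null-check forms are constructed assumptions.

```python
import ast
from collections import defaultdict

# Assumed threshold (hypothetical, from the comment's "4 of 5", not any real tool's rule).
MIN_CHECKED_RATIO = 0.8

def _is_none_check(stmt, var):
    """True if stmt is `if var is None`, `if var is not None` or `if not var`."""
    return isinstance(stmt, ast.If) and ast.unparse(stmt.test) in {
        f"{var} is None", f"{var} is not None", f"not {var}"}

def collect_call_sites(tree):
    """Map callee name -> [(line, checked)] for each `x = callee(...)` statement."""
    sites = defaultdict(list)
    for node in ast.walk(tree):
        body = getattr(node, "body", None)
        if not isinstance(body, list):   # Lambda/IfExp have an expression body; skip
            continue
        for i, stmt in enumerate(body):
            if (isinstance(stmt, ast.Assign) and isinstance(stmt.value, ast.Call)
                    and len(stmt.targets) == 1 and isinstance(stmt.targets[0], ast.Name)):
                f = stmt.value.func
                callee = f.id if isinstance(f, ast.Name) else getattr(f, "attr", "?")
                nxt = body[i + 1] if i + 1 < len(body) else None   # statement that follows
                sites[callee].append((stmt.lineno, _is_none_check(nxt, stmt.targets[0].id)))
    return sites

def infer_missing_checks(source):
    """Return (callee, line) pairs where a usually-checked result goes unchecked."""
    alerts = []
    for callee, uses in collect_call_sites(ast.parse(source)).items():
        checked = sum(1 for _, c in uses if c)
        if len(uses) >= 2 and checked / len(uses) >= MIN_CHECKED_RATIO:
            alerts.extend((callee, line) for line, c in uses if not c)
    return sorted(alerts)

# Constructed sample: lookup() is null-checked at 4 of 5 call sites; line 10 is not.
SAMPLE = """\
def handler(req):
    user = lookup(req)
    if user is None: return 401
    cfg = lookup(req)
    if not cfg: return 500
    tok = lookup(req)
    if tok is not None: use(tok)
    sess = lookup(req)
    if sess is None: return 500
    prof = lookup(req)
    return prof.name
"""
```

Calling `infer_missing_checks(SAMPLE)` flags the unchecked `lookup` call on line 10 of the sample, while a callee whose result is never checked produces no alert because no intent can be inferred.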