Source Code Analysis Risk Evaluation Tool-The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary.　This metric will not say that the binary will be exploited nor does it do a static analysis for known limitations like vulnerabilities.　However it will flag code for a particular interaction type or control and allow the developer to understand which OpSec holes are not protected even if it can t say the effectiveness of that protection.　The level of required effectiveness would require a much more sophisticated analysis tool and not within the scope of this project at this time.



The goal of this study is to apply the ISECOM research findings for security metrics represented as the Risk Assessment Values (RAVs) in OSSTMM 3.0.　These metrics define