A form of static analysis that works by analyzing software by tracing data flows and paths that might be used when running the application. It can find weaknesses, but is subject to false positive results because the paths and data it finds my be improbable or impossible.
