Improved Presentation of Subsequent Errors in Analysis Results of CogniCryptSAST

Bachelor Thesis

Currently, CogniCryptSAST detects and reports subsequent crypto misuses thanks to the expressiveness of the rule set it uses. For example, an insecurely generated initialization vector (IV) can trigger several misuse reports: (a) the insecure call that generates the random bytes later used as the IV, and (b) the passing of that IV to the cipher object. While the second report is valuable, a developer or security auditor is more interested in the places where a misuse actually has to be fixed.
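To make the two reports in the IV example concrete, here is an added Java example (written for this page; it is not code from CogniCrypt, the thesis, or the project's documentation). It uses only standard JCA classes (`java.util.Random`, `SecureRandom`, `Cipher`, `IvParameterSpec`); the comments mark which call corresponds to report (a) and which to report (b), and the second method shows that fixing the root cause at (a) is what resolves both.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvMisuseExample {

    // Insecure variant, constructed to illustrate the two related reports.
    // Report (a): java.util.Random is not a cryptographically secure source,
    //             so the IV bytes it produces are predictable.
    // Report (b): the IV derived from that source is passed to Cipher.init,
    //             so the cipher initialisation is flagged as well.
    // Only (a) is the place where the developer has to change code; (b)
    // is a consequence of (a).
    static byte[] encryptWithInsecureIv(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[16];
        new Random().nextBytes(iv);                                       // (a) root cause
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));   // (b) subsequent report
        return cipher.doFinal(plaintext);
    }

    // Hardened variant: the same code with the root cause fixed. Once the IV
    // comes from SecureRandom, neither (a) nor (b) applies any more.
    static byte[] encryptWithSecureIv(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);                                 // secure IV source
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));   // no longer flagged
        return cipher.doFinal(plaintext);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        // Constructed sample input so the example runs stand-alone.
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        System.out.println("insecure-IV ciphertext length: " + encryptWithInsecureIv(key, msg).length);
        System.out.println("secure-IV ciphertext length:   " + encryptWithSecureIv(key, msg).length);
    }
}
```

Both methods compile and produce ciphertext, which is exactly why a tool has to point at the root cause: nothing at runtime distinguishes the predictable IV from the secure one, and a report that only lists the `Cipher.init` call sends the reader to a line that does not need changing.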

This thesis should investigate whether the current architecture of CogniCrypt can present subsequent errors as such to users, and implement a prototype if so. Further, we plan to evaluate whether the implementation improves usability, e.g., through an expert interview.