To help the user decide which warnings to investigate first, we attempt to determine ``hotspots'' in the code. For each error message, we compute the shortest taint flow path and increment a counter associated with each qualifier on the path. We then present the user with a hyperlinked list of the ``hottest'' qualifiers, i.e., those involved in the largest number of (shortest) taint flow paths. The idea--borne out by our experience--is that adding a single annotation at an important point can dramatically reduce the number of warnings.
One extension to this idea, which we have not yet implemented, is to find the hottest constraints rather than the hottest qualifiers. This may help point the user to a particular erroneous expression in the code, rather than to an identifier.
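The ranking described above can be sketched as follows. This is an added example, not code from the tool itself; it assumes the constraints form a directed graph over qualifier names and that each warning is a (tainted source, untainted sink) pair, and all qualifier names are constructed. It goes one step beyond the implemented heuristic by also counting constraints (edges), the extension mentioned in the previous paragraph.

```python
from collections import Counter, deque

def shortest_path(graph, src, dst):
    """Breadth-first search along constraint edges; returns the list of
    qualifiers from src to dst, or None if dst is unreachable."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in graph.get(node, ()):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def hotspots(graph, errors):
    """Count how many shortest taint flow paths each qualifier and each
    constraint (edge) lies on; return both rankings, hottest first."""
    qual_hits, edge_hits = Counter(), Counter()
    for src, dst in errors:
        path = shortest_path(graph, src, dst)
        if path is None:
            continue  # no flow path recorded for this warning
        qual_hits.update(path)
        edge_hits.update(zip(path, path[1:]))
    return qual_hits.most_common(), edge_hits.most_common()

# Constructed sample: an edge a -> b means "a's qualifier flows into b's".
GRAPH = {
    "getenv_ret": ["buf"], "argv": ["buf"], "recv_buf": ["msg"],
    "buf": ["log_msg_arg", "tmp"], "tmp": ["log_msg_arg"],
    "msg": ["log_msg_arg"],
    "log_msg_arg": ["printf_fmt", "syslog_fmt"],
}
# Constructed warnings: tainted source reaching an untainted format argument.
ERRORS = [("getenv_ret", "printf_fmt"), ("argv", "printf_fmt"),
          ("recv_buf", "syslog_fmt"), ("argv", "syslog_fmt")]

if __name__ == "__main__":
    quals, edges = hotspots(GRAPH, ERRORS)
    for name, hits in quals:
        print(f"{hits:3d}  {name}")
```

In this sample every warning passes through `log_msg_arg`, so a single annotation on that wrapper's parameter addresses all four reports.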