They mention that they "manually injected into open source C source (spell, unhtml, spell++, bc, gzip). I also ran Inferbo on some internal Facebook code and Inferbo generated alarms in the third-party C source(e.g. open-ssl)."
They then go onto demonstrate how it did in those injected bug cases (really well), but they don't really get into what they found for those "out in the wild" alarms in the third-party C source. The latter seem to be more interesting than the injected bugs.
Right. But our purpose was to assure that Inferbo performs well to find the bo errors of FB-style against "noises" from the coding idioms in realistic sw.
They then go onto demonstrate how it did in those injected bug cases (really well), but they don't really get into what they found for those "out in the wild" alarms in the third-party C source. The latter seem to be more interesting than the injected bugs.