Towards the verification and validation of software security properties using static code analysis