
200 ◾ Information Security Management Handbook
Development (Coding) Phase
The activities in the development phase often generate implementation-related vulnerabilities. Static
analysis and peer review are the two key processes to mitigate or minimize these vulnerabilities.
Static Analysis
Static analysis involves the use of automated tools to find issues within the source code itself:
◾ Bug finding (quality perspective)
◾ Style checks
◾ Type checks
◾ Security vulnerability review
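As an added illustration (not code from the handbook), the following Python script shows what a minimal static analysis pass of the "security vulnerability review" kind looks like in practice: it parses source text into an AST and flags three classic implementation-phase defects (non-literal `eval()`/`exec()` arguments, `subprocess` calls with `shell=True`, and string literals assigned to secret-looking names). The rule names, the `Finding` type and the constructed `SAMPLE` module are assumptions for this example; the sample deliberately includes one name-based false positive so the reader can see why tool output still needs a human reviewer.

```python
"""Minimal AST-based static analysis pass (added example, not the handbook's own code).

Scans Python source text for three implementation-phase findings:
  * CODE-INJ         eval()/exec() called with a non-literal argument
  * CMD-INJ          subprocess.<fn>(..., shell=True)
  * HARDCODED-SECRET string literal assigned to a password/key-like name
Each finding carries a line number, a rule id and a message so the results can
be handed to a peer reviewer as a checklist.
"""
import ast
from dataclasses import dataclass

# Assumed rule configuration for this example
SECRET_NAMES = ("password", "passwd", "secret", "api_key", "token")
DANGEROUS_EVAL = {"eval", "exec"}
SUBPROCESS_FUNCS = {"run", "call", "Popen", "check_output", "check_call"}


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    message: str


class SecurityVisitor(ast.NodeVisitor):
    """Walks the AST and records findings; never executes the scanned code."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        func = node.func
        # eval()/exec(): flag unless the sole argument is a string literal
        if isinstance(func, ast.Name) and func.id in DANGEROUS_EVAL:
            arg = node.args[0] if node.args else None
            if not isinstance(arg, ast.Constant):
                self.findings.append(Finding(
                    node.lineno, "CODE-INJ",
                    f"{func.id}() called with non-literal argument"))
        # subprocess.<fn>(..., shell=True): command string reaches a shell
        if (isinstance(func, ast.Attribute) and func.attr in SUBPROCESS_FUNCS
                and isinstance(func.value, ast.Name)
                and func.value.id == "subprocess"):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(Finding(
                        node.lineno, "CMD-INJ",
                        f"subprocess.{func.attr}() called with shell=True"))
        self.generic_visit(node)

    def visit_Assign(self, node):
        # Hard-coded secret heuristic: secret-like name AND a string literal value.
        # Values read from the environment or a vault are not literals, so they pass.
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        s in target.id.lower() for s in SECRET_NAMES):
                    self.findings.append(Finding(
                        node.lineno, "HARDCODED-SECRET",
                        f"string literal assigned to '{target.id}'"))
        self.generic_visit(node)


def scan_source(source: str) -> list:
    """Parse `source` and return findings ordered by line number."""
    visitor = SecurityVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings, key=lambda f: f.line)


# Constructed sample module: three true positives, two safe variants and one
# false positive (line 8: the name contains "token" but holds a harmless label).
SAMPLE = '''import os, subprocess
password = "hunter2"                      # line 2: flagged, true positive
db_password = os.environ["DB_PASSWORD"]   # line 3: not flagged, not a literal
result = eval(user_input)                 # line 4: flagged, true positive
n = eval("1 + 1")                         # line 5: not flagged, literal
subprocess.run(cmd, shell=True)           # line 6: flagged, true positive
subprocess.run(["ls", "-l"])              # line 7: not flagged, argv list
token_label = "Bearer"                    # line 8: flagged, false positive
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

Running the script prints four findings; the one on line 8 is the kind of name-based false positive the handbook warns about, and a reviewer would triage it rather than tuning the rule until it misses real secrets.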
Automated security review tools tend to have a high percentage of false positives, but they are
very efficient at catching the low-hanging vulnerabilities that plague most ...