
Secure Programming with Static Analysis by Jacob West, Brian Chess


2. Introduction to Static Analysis

The refinement of techniques for the prompt discovery of error serves as well as any other as a hallmark of what we mean by science.

–J. ROBERT OPPENHEIMER

This chapter is about static analysis tools: what they are, what they’re good for, and what their limitations are. Any tool that analyzes code without executing it is performing static analysis. For the purpose of detecting security problems, the variety of static analysis tools we are most interested in are the ones that behave a bit like a spell checker; they prevent well-understood varieties of mistakes from going unnoticed. Even good spellers use a spell checker because, invariably, spelling mistakes creep in no matter how good a speller you are. A ...
