3. Static Analysis as Part of the Code Review Process
In preparing for battle, plans are useless but planning is indispensable.
–DWIGHT EISENHOWER
There’s a lot to know about how static analysis tools work. There’s probably just as much to know about making static analysis tools work as part of a secure development process. In this respect, tools that assist with security review are fundamentally different from most other kinds of software development tools. A debugger, for example, doesn’t require any organization-wide planning to be effective. An individual programmer can run it when it’s needed, obtain results, and move on to another programming task. But the need for software security rarely creates the kind of urgency that leads a programmer ...