ABSTRACT:
Automated source code analysis is technology aimed at locating and describing areas of weakness in source code. Those weaknesses might be security vulnerabilities, logic errors, implementation defects, concurrency violations, rare boundary conditions, or many other kinds of problem-causing code. The associated research field is static analysis. It is distinguished from more traditional dynamic analysis techniques such as unit or penetration testing in that the work is performed at build time, using only the source code of the program or module in question and without executing it. The results reported are therefore derived from a model of the program that accounts for every possible execution path, rather than from some aspect of a necessarily limited observed runtime behavior. This paper discusses what source code analysis (SCA) tools have to offer, why developers should use them when they have other tools to choose from, and why the technology is compelling enough to add to a build chain.
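The build-time, all-paths property described above, as a small added example (this is not code from the paper or any tool it discusses): a checker that parses a program into its AST and reports every call that hands non-constant data to a shell, on every branch. The constructed sample program places the vulnerable call only under `debug=True`, so a unit test calling `run_report` with its defaults would never execute that line, while the static walk reports it regardless. The sink list, the sample program, and the `Finding` record are assumptions made for this illustration.

```python
"""Minimal static checker for shell-command injection sinks.

Added example, not code from the paper. It inspects a program's AST at
build time and reports every call that hands non-constant data to a shell,
on every branch, whether or not any test would ever execute that branch.
"""
import ast
from dataclasses import dataclass

# Sinks whose first argument is run by a shell only when shell=True is passed.
SUBPROCESS_SINKS = {
    ("subprocess", "call"), ("subprocess", "check_call"),
    ("subprocess", "check_output"), ("subprocess", "run"),
    ("subprocess", "Popen"),
}
# Sinks whose first argument is always run by a shell.
ALWAYS_SHELL_SINKS = {("os", "system"), ("os", "popen")}

# Constructed sample program (an assumption for this illustration). The vulnerable
# call on line 6 sits under `debug=True`; a unit test using the defaults never
# executes it. Line 10 is a second sink behind an environment check; line 11
# uses a shell but with a fixed command, so it is not reported.
SAMPLE_SOURCE = '''\
import os
import subprocess

def run_report(name, debug=False):
    if debug:
        subprocess.call("report --name " + name, shell=True)
    else:
        subprocess.call(["report", "--name", name])
    if os.environ.get("LEGACY"):
        os.system(f"legacy-report {name}")
    subprocess.run("report --version", shell=True)
'''


@dataclass(frozen=True)
class Finding:
    line: int
    call: str      # dotted name of the sink, e.g. "os.system"
    reason: str    # how the command string is built


def _dotted_name(func):
    """Return ("module", "attr") for a call of the form module.attr(...), else None.
    Aliased imports and re-bound names are deliberately not resolved here."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return (func.value.id, func.attr)
    return None


def _shell_enabled(call):
    """True only for an explicit literal shell=True keyword."""
    for kw in call.keywords:
        if kw.arg == "shell" and isinstance(kw.value, ast.Constant):
            return kw.value.value is True
    return False


def _describe(node):
    """Human-readable description of how the command argument is constructed."""
    if isinstance(node, ast.BinOp):
        return "string concatenation"
    if isinstance(node, ast.JoinedStr):
        return "f-string"
    if isinstance(node, ast.Call):
        return "call result (e.g. str.format)"
    if isinstance(node, ast.Name):
        return f"variable '{node.id}'"
    return type(node).__name__


def find_shell_injection_sinks(source):
    """Walk the entire AST; every branch is inspected regardless of whether any
    input would reach it. A constant command string is not reported, since it
    cannot carry attacker-controlled data."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        target = _dotted_name(node.func)
        if target is None:
            continue
        runs_in_shell = target in ALWAYS_SHELL_SINKS or (
            target in SUBPROCESS_SINKS and _shell_enabled(node))
        if not runs_in_shell:
            continue
        cmd = node.args[0]
        if isinstance(cmd, ast.Constant) and isinstance(cmd.value, str):
            continue
        findings.append(Finding(node.lineno, ".".join(target), _describe(cmd)))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in find_shell_injection_sinks(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.call} with {f.reason}")
```

Two caveats a practitioner would want stated: the checker only matches direct `module.attr(...)` calls, so an aliased import (`import subprocess as sp`) or a function reference stored in a variable slips past it, and a command built from a variable that was itself assigned a constant is still reported. Those are the false-negative and false-positive trade-offs that come with reasoning over an approximation of the program rather than observing a run of it.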