sponsored by Parasoft Corporation
Posted:  01 Apr 2009
Published:  01 Apr 2009
Format:  PDF
Length:  6  Page(s)
Type:  White Paper
Language:  English
ABSTRACT:

Static analysis for security has been such a hot topic lately that it seems the industry is starting to think of it as a silver bullet. The quest for application security has breathed new life into static analysis technologies, which until quite recently were primarily perceived as either frivolous beautification tools or burdensome big brother monitoring systems. Surprisingly, the underlying technology was not substantially modified to accommodate the issue of security; rather, the changes were more like a face lift. As a result, organizations using static analysis technology still encounter the same fundamental challenges in making it sustainable over time.

The secret to making static analysis technologies a productive analysis solution is to use them in the proper context. The adoption of this technology should be driven by a policy-based approach. This means establishing a policy that defines requirements, then enforcing that policy consistently - not only with automation to ensure that the required practices are sustained, but also with workflow, task management, and metrics that enable you to measure how well the policy is being implemented. In the context of policy, static analysis is elevated from a "nice-to-have" checker to a critical tool for ensuring that code meets the organization's expectations.

This paper explains why and how to apply static analysis tools in the context of a policy-based security process that not only prevents security vulnerabilities, but also focuses on SDLC productivity.






BROWSE RELATED RESOURCES
Business Intelligence | Business Process Management | Business Process Management Software | Code Management | Project Management | QOS | Quality Control | Security Policies | Testing

View All Resources sponsored by Parasoft Corporation

About TechTarget:

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines

All Rights Reserved, Copyright 2000 - 2014, TechTarget | Read our Privacy Statement