Static Analysis Tools

 

December 2004

 
 

Who Should Use Static Analysis Tools:

All software development companies can benefit from using static analysis tools on their applications. Most of the benefits of static analysis tools scale from the very small to the very large software company, and there are static analysis tools available for every popular programming language.

Smaller software development companies can benefit from the security checks, complexity, metrics and coding standards features of a static analysis tool. Any application needs to take into consideration all security concerns, including buffer overflows, input validation and others: even if your application is a standalone solution with no network connectivity, all input must be treated as potentially hostile and as a security threat. Taking measures to reduce the complexity of the application can result in fewer difficult-to-find bugs and will help future developers understand the code when it needs to be serviced.

Medium to large applications will benefit the most from using the metrics, complexity and coding standards features of a large-scale static analysis tool such as Klocwork inSpect. This, as stated above, will help keep production and maintenance costs down and reduce the number of bugs in the application before build time, thus keeping the overall cost of development down. A larger company needs to take application security very seriously because its application will be distributed to a larger audience and will therefore become a greater target for hackers and malicious programmers. Buffer overruns and other security vulnerabilities can be extremely difficult to discover without analyzing the code line by line.

Provided by: Security Innovation, The Application Security Company