Static Analysis Tools

 

December 2004

 
 

Conclusion:

Static analysis tools are extremely beneficial to small and large businesses alike, although the way they are deployed and used may differ. They help keep development costs down by finding bugs as early as possible in the product cycle. The security benefit of running static analysis tools on source code is very large: it helps ensure the final application has far fewer exploitable security flaws.

Static analysis tools are very good at code-level discovery of bugs and can help enforce coding standards and keep code complexity down. Besides helping developers find bugs, the tools can also ensure future readability by making sure all coding standards are upheld. Metrics can be generated to analyze the complexity of the code and to discover ways to make it more readable and less complex.

Throughout this report, static analysis tools have been discussed in depth. From the first reported static analysis tool, Lint, to current powerful applications such as Klocwork inSpect, this class of tool is now an irreplaceable piece of the development cycle. Each phase of the development cycle can benefit from the use of static analysis tools, ultimately resulting in a better product for the end user. Development shops of all sizes and applications of all complexities can benefit by incorporating static analysis tools into their development process.


Provided by: Security Innovation, The Application Security Company