Static Analysis Tools


December 2004


Successes:

Microsoft is most likely the largest success story of static analysis tools; nearly every major product at Microsoft must be tested rigorously with static analysis tools. Microsoft uses the tools to search the entire Windows source tree for buffer overruns and other difficult-to-find errors that may surface later as security flaws in the operating system. The ability to run static analysis on all of the Windows source code is a true testament to how mature these tools have become.

NASA requires each code change to mission-critical applications to undergo thorough static analysis. Each warning and suggestion the analyzer produces must either be fixed or have a comment added to the source code explaining why the warning does not need to be fixed.
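The two paragraphs above mention the defect class these tools hunt for (buffer overruns) and the two permitted outcomes for a warning (fix it, or document in the source why it is safe). The following C listing is an added illustration, not code from Microsoft, NASA, or the original article: it shows the unbounded copy an analyzer flags, the bounds-checked replacement a reviewer would accept, and a reviewed warning left in place with a justifying comment. The analyzer messages quoted in the comments and the `STATIC-ANALYSIS:` marker are hypothetical; real tools use their own suppression syntax.

```c
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#include <stddef.h>
#include <string.h>

#define NAME_MAX 16   /* constructed: fixed-size destination buffer */

/* "Before": the pattern a static analyzer reports as a potential buffer
 * overrun. strcpy() copies until the NUL regardless of the destination
 * size, so any src of NAME_MAX or more bytes writes past dst. Kept only
 * to show the defect class; never call it with untrusted input. */
void copy_name_unsafe(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);   /* hypothetical analyzer: unbounded copy into fixed buffer */
}

/* "After": the fix a reviewer would accept. The length is checked before
 * the copy, and the function reports failure rather than truncating
 * silently. Returns 0 on success, -1 if src does not fit (dst becomes "").
 */
int copy_name_safe(char dst[NAME_MAX], const char *src)
{
    size_t n = strnlen(src, NAME_MAX);   /* never reads past NAME_MAX bytes */
    if (n >= NAME_MAX) {                 /* no room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);             /* n + 1 <= NAME_MAX, includes NUL */
    return 0;
}

/* Third outcome the NASA process allows: the warning is a false positive
 * and is documented in place instead of "fixed". A hypothetical analyzer
 * flags the memcpy() because its length is not a constant; the comment
 * records the bound that makes it safe. Appends suffix to buf (which holds
 * `used` bytes before the NUL), truncating to fit, and returns the new
 * length. */
size_t append_suffix(char buf[NAME_MAX], size_t used, const char *suffix)
{
    if (used >= NAME_MAX)                        /* caller bug: refuse to touch buf */
        return used;
    size_t room = NAME_MAX - used - 1;           /* bytes left, excluding the NUL */
    size_t n = strnlen(suffix, room);            /* n <= room by construction */
    /* STATIC-ANALYSIS: n is bounded by room above, so used + n + 1 <= NAME_MAX;
     * warning reviewed and intentionally left in place. */
    memcpy(buf + used, suffix, n);
    buf[used + n] = '\0';
    return used + n;
}
```

The point of keeping all three functions side by side is that the analyzer's report is only the start of the process the text describes: the unsafe copy is removed, the checked copy is what ships, and the remaining warning is answered in the source so the next reviewer can see why it was accepted.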

Most major software companies employ some form of static analysis tool; in fact, it is difficult to find a case where using these tools has not helped a company ship a more robust product with fewer security flaws.


Provided by: Security Innovation, The Application Security Company