Static Analysis Strategies

Addressing software security is a huge, resource-consuming problem that involves looking at the way software is defined, designed, written, tested and deployed. While security touches each phase of the lifecycle, no single area has received more attention than static security analysis. Static analysis looks at the source code itself and catches problems in the code before products are deployed. This paper presents best practices for code security analysis, helping ensure that security defects are detected earlier in the development lifecycle, where they are naturally cheaper to address.