Create more secure software: Apply static analysis to your code review process
Source: Addison Wesley Professional
Network security, judicious administration, and wise use are all important, but ultimately software security cannot be left to the system administrator or the end user. It is the responsibility of the people who create software to make sure that their creations are secure. Fortunately, with the right knowledge and the right tools, good software security can be achieved by building security into the software development process. Secure Programming with Static Analysis covers two threads: software security and static source code analysis. It discusses a wide variety of common coding errors that lead to security problems, explains the ramifications of each, and gives advice for charting a safer course. This chapter download looks at how static analysis tools can be put to work as part of a security review process, examines the organizational decisions that are essential to making effective use of the tools, and finally looks at metrics based on static analysis output.
Title: Secure Programming with Static Analysis
Published: June 2007
Authors: Brian Chess, Jacob West
Chapter: Chapter 3: Static Analysis as Part of the Code Review Process
Published by Addison Wesley Professional