Why do we need static analysis?

• To uncover potential violations of coding standards
• To evaluate the efficacy of security controls and coding constructs that have been implemented to satisfy specific security requirements
• To provide a way for developers to learn about and remediate security defects
• To review code for adherence to secure coding standards, best practices, and organizational security policies
• To satisfy a regulatory or contractual requirement