Why do we need static analysis?
- To uncover potential violations of coding standards
- To evaluate the efficacy of security controls and coding constructs that have been implemented to satisfy specific security requirements
- To provide a way for developers to learn about and remediate security defects
- To review code for adherence to secure coding standards, best practices, and organizational security policies
- To satisfy a regulatory or contractual requirement