Title :
Static analysis for security
Author :
Chess, Brian ; McGraw, Gary
Abstract :
All software projects are guaranteed to have one artifact in common: source code. Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. We look at how to automate source-code security analysis with static analysis tools.
Keywords :
program diagnostics; security of data; software tools; automated source-code security analysis; best practices; code review; software security; static analysis tools; Application software; Best practices; Buildings; Computer bugs; Computer languages; Computer security; Costs; Privacy; Rats; Risk analysis; 65; software development life cycle; source code; static analysis;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2004.111