Jeff Williams wrote:
> I think there's a lot more that static analysis can do than what you're
> describing. They're not (necessarily) just fancy pattern matchers.
> ...
> Today's static analysis tools are only starting to help here. Tools focused
> on dumping out a list of vulnerabilities don't wo
"Jeff Williams" <[EMAIL PROTECTED]> wrote:
> I think there's a lot more that static analysis can do than what you're
> describing. They're not (necessarily) just fancy pattern matchers.
Jeff, you raise an important point. Getting good value out of static
analysis requires a second component in a
I think there's a lot more that static analysis can do than what you're
describing. They're not (necessarily) just fancy pattern matchers.
Static analysis can add security meta-information to a software baseline. If
the tool knows which methods are related to which security mechanisms, it
can help