Issue No.06 - November-December (2004 vol.2)
Brian Chess , Fortify Software
Gary McGraw , Cigital
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2004.111
All software projects are guaranteed to have one artifact in common: source code. Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. Here, we'll look at how to automate source-code security analysis with static analysis tools.
software development life cycle, source code, static analysis
Brian Chess, Gary McGraw, "Static Analysis for Security", IEEE Security & Privacy, vol.2, no. 6, pp. 76-79, November-December 2004, doi:10.1109/MSP.2004.111