Issue No. 06 - November-December (2004 vol. 2)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2004.111
Brian Chess, Fortify Software
Gary McGraw, Cigital
All software projects are guaranteed to have one artifact in common: source code. Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. Here, we'll look at how to automate source-code security analysis with static analysis tools.
software development life cycle, source code, static analysis
B. Chess and G. McGraw, "Static Analysis for Security," in IEEE Security & Privacy, vol. 2, no. 6, pp. 76-79, 2004.