Revision as of 08:41, 8 July 2023 edit Widefox (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers, IP block exemptions, New page reviewers, Pending changes reviewers, Rollbackers 110,632 edits m →Rationale: fix caps ← Previous edit		Revision as of 08:43, 8 July 2023 edit undo Widefox (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers, IP block exemptions, New page reviewers, Pending changes reviewers, Rollbackers 110,632 edits m →Rationale: link Next edit →
Line 22: A study from 2010 found that 60% of the interviewed developers in European research projects made at least use of their basic IDE built-in static analyzers. However, only about 10% employed an additional other (and perhaps more advanced) analysis tool.<ref>Prause, Christian R., René Reiners, and Silviya Dencheva. "Empirical study of tool support in highly distributed research projects." Global Software Engineering (ICGSE), 2010 5th IEEE International Conference on. IEEE, 2010 http://ieeexplore.ieee.org/ielx5/5581168/5581493/05581551.pdf</ref> In the application security industry the name [[static application security testing]] (SAST) is also used. SAST is an important part of [[Security Development ~~Lifecycles~~Lifecycle]]s (SDLs) such as the SDL defined by Microsoft<ref>M. Howard and S. Lipner. The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press, 2006. {{ISBN\|978-0735622142}}</ref> and a common practice in software companies.<ref>Achim D. Brucker and Uwe Sodan. [https://www.brucker.ch/bibliography/download/2014/brucker.ea-sast-expierences-2014.pdf Deploying Static Application Security Testing on a Large Scale] {{webarchive\|url=https://web.archive.org/web/20141021065105/http://www.brucker.ch/bibliography/download/2014/brucker.ea-sast-expierences-2014.pdf \|date=2014-10-21 }}. In GI Sicherheit 2014. Lecture Notes in Informatics, 228, pages 91-101, GI, 2014. </ref> == Tool types==

Static program analysis: Difference between revisions