Dark Reading

Software Assurance: Time to Raise the Bar on Static Analysis

I had an interesting conversation recently about the after-effects of Heartbleed and the challenges facing static analysis with Barton Miller, the chief scientist of the Software Assurance Marketplace ...
TheServerSide

Static code analysis with Klocwork

Given the great emphasis Agile teams place on the importance of software testing, it is surprising that organizations don't invest more time and money in static software testing tools. Of course, with ...
Electronic Design

Applying Exhaustive Static Analysis to Automotive Software Testing

How exhaustive static analysis overcomes the limitations of traditional tests and static-analysis tools. How exhaustive static analysis identifies a buffer overflow by using code samples. How hardware ...
Electronic Design

Static Analysis for Embedded Software

Static analysis works on source code and tries to identify errors based on what it can tell about the program. For example, it can highlight “dead code” that will never execute. And sometimes it can ...
CSOonline

Source Code Analysis Tools: How to Choose and Use Them

The high cost of finding and patching application flaws is well known. Wouldn’t it be cheaper to write secure code in the first place? More on code analysis tools and software security Source code ...

Inside DockerGate: Using Static Analysis to Rein in Container Permissions

VMPLNew Delhi [India], March 14: Modern software infrastructure increasingly relies on containers, yet the security assumptions that govern them remain surprisingly blunt. As Docker has become the ...