For Security & Risk Professionals

November 20, 2009

Know Your Code: How Static Analysis Tools Make Applications More Secure

by Chenxi Wang, Ph.D., Andrew Jaquith

with Robert Whiteley, Allison Viglianti

This is an excerpt

Executive Summary

Many companies, besieged by audit findings and application vulnerabilities, recognize the benefits of eliminating security vulnerabilities early in the software life cycle. For this reason, static analysis technologies for analyzing code-level security issues are gaining momentum in the industry. As a security and risk management executive, you must: 1) carefully prepare your organization before buying static analysis tools; 2) apply six selection criteria to the buying decision; and 3) consider the current landscape of vendors as well as emerging open source tools that provide an inexpensive alternative.

TABLE OF CONTENTS

  • Why Should You Consider Static Analysis?
  • Make Sure Your Organization Is Ready Before Buying Tools
  • How To Select The Right Tool For Your Environment
  • Six Keys To Integrating Static Analysis Into Your Application Security Program
  • Static Analysis Tool Vendors Include Niche Players, Suites, And Open Source

RECOMMENDATIONS

  • Developers, Developers, Developers! Are The Keys To Success
  • Related Research Documents


Price: US $499

Our Service Guarantee: If you are not completely satisfied with this document, notify Forrester within 24 hours of purchase for a full refund.
