For Security & Risk Professionals

Know Your Code: How Static Analysis Tools Make Applications More Secure

November 20, 2009


By Chenxi Wang and Andrew Jaquith, with Robert Whiteley III and Allison Viglianti

Why Read This Report

Many companies, besieged by audit findings and application vulnerabilities, recognize the benefits of eliminating security vulnerabilities early in the software life cycle. For this reason, static analysis technologies for analyzing code-level security issues are gaining momentum in the industry. As a security and risk management executive, you must: 1) carefully prepare your organization before buying static analysis tools; 2) apply six selection criteria to the buying decision; and 3) consider the current landscape of vendors as well as emerging open source tools that provide an inexpensive alternative.

Purchase Report

This report is available for individual purchase ($499 USD).


Table of Contents

  • Why Should You Consider Static Analysis?
  • Make Sure Your Organization Is Ready Before Buying Tools
  • How To Select The Right Tool For Your Environment
  • Six Keys To Integrating Static Analysis Into Your Application Security Program
  • Static Analysis Tool Vendors Include Niche Players, Suites, And Open Source
  • Developers, Developers, Developers! Are The Keys To Success
  • Related Research Documents