Posts Tagged ‘Evaluating Static Analysis Tools’

  • All static analysis tools are not created equal

    on Mar 8, 11 • by Brendan Harrison • with No Comments

    Yes, it’s true (!), and as anyone in this space knows, there is a huge difference between static analysis tools in their level of sophistication and their approach to developer adoption. Gary McGraw & John Steven from Cigital describe their views on this topic, including ‘5 pitfalls’ that customers should avoid when evaluating tools. These pitfalls mostly amount to the fact that analysis results can vary significantly across different tools, code bases, and tool operators, so be aware of this when conducting your benchmarking. Their overall recommendation: “The upshot? Use your own code instead
