Posts Tagged ‘JSR-250’

  • Java source code vs bytecode analysis

    on Jan 6, 09 • by Alen Zukich • with No Comments

    David posted an interesting discussion on the usage of static analysis tools by developers to find security vulnerabilities. As always, the discussion with static analysis tools leans towards the false positive and false negative discussion. But David also mentions that their results are sometimes difficult to understand. This is one of the reasons Klocwork switched from a bytecode analysis tool for Java to a source code analysis tool. As both have their advantages and disadvantages (and I admit I’m very biased here), we have certainly found that we have been able to reduce our false positive
