Until more developers get more training and understand more about how to write secure software, we will all need to lean on static analysis (and dynamic analysis) security testing tools to catch vulnerabilities. But static analysis isn't a substitute for code reviews.
from dzone.com: latest front page http://www.dzone.com/links/r/can_static_analysis_replace_code_reviews_3.html
from dzone.com: latest front page http://www.dzone.com/links/r/can_static_analysis_replace_code_reviews_3.html
No comments:
Post a Comment