Note: This page is part of the us-cert.gov archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

Source Code Analysis

Outlines what automated security analyzers can do, provides a business case for their use, and provides some criteria for evaluating individual tools. Code samples are provided to run tools against to verify that the tools are able to detect known problems in the code.