The Next Generation of Source Code Analysis

Automated source code analysis (SCA) technology is designed to locate and describe areas of weakness in software source code. Those weaknesses may be security vulnerabilities, logic errors, implementation defects, concurrency violations, rare boundary conditions, or any number of other types of problem-causing code. Source code analysis is distinct from more traditional dynamic analysis techniques, such as unit or penetration tests, since the work is performed at build time using only the source code of the program or module in question. The results reported are therefore generated from a complete view of every possible execution path, rather than some aspect of a necessarily limited observed runtime behavior. The underlying technology associated with SCA is called Static Analysis and the current generation of technology solutions is capable of providing sophisticated, high-value analysis that will identify critical bugs and security vulnerabilities in code that can potentially cause system crashes, hacker exploits or affect the overall reliability of mission-critical software.