Where Can Static Analysis Help?
Despite these limitations, static analyzers are a valuable part of a security manager’s toolkit. They are genuinely good at finding defects, inconsistencies, and other ugliness in code, and on occasion they turn up an exploitable security hole. Static analysis for general defect detection is substantially easier than static analysis for security: there are many more defects than security holes, and defects are much easier to identify and report with a relatively low false-positive rate. Analyzing millions of lines of code is still no cakewalk. An interprocedural analysis must account for calling context, false paths, and fields of data structures, and it must then produce an easy-to-understand error report for each specific defect. But it is possible today with existing techniques and some amount of cleverness. Static-analysis tools can also find some security holes. For example, Example 1 shows a security hole in the FreeBSD kernel that was found using Coverity’s security analy
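To make the "calling context" and "false paths" difficulty concrete, the following added example (not code from the article or from Coverity) runs a toy taint analysis over a constructed three-function program in a tiny hypothetical IR. The sink copy() is reached twice: once from main() with a bounds-checked length and once from helper() with raw input. A context-insensitive analysis, which merges parameter taint across all call sites, reports both paths and so produces a false path through main(); a context-sensitive analysis, which re-analyzes the callee per call site, reports only the real one. The IR, the program and both analyses are assumptions made for illustration.

```python
"""Toy interprocedural taint analysis: context-insensitive vs context-sensitive.

Added example, not code from the page or from Coverity. The IR, the sample
program and both analyses are constructed for illustration only.
"""
from typing import Dict, List, Set, Tuple

Stmt = Tuple                                        # statement forms: see PROGRAM
Program = Dict[str, Tuple[List[str], List[Stmt]]]   # fn -> (params, body)

# Constructed program (assumption): copy() is the sink, e.g. memcpy(d, s, len).
# main() calls it with a bounds-checked length, helper() with raw input.
PROGRAM: Program = {
    "main": ([], [("source", "n"),              # n is read from the network
                  ("sanitize", "m", "n"),       # m = n after a bounds check
                  ("call", "copy", ["m"])]),    # safe: m is clean
    "helper": ([], [("source", "x"),
                    ("call", "copy", ["x"])]),  # unsafe: x is raw input
    "copy": (["len"], [("sink", "len")]),       # copies len bytes
}


def step(tainted: Set[str], st: Stmt) -> None:
    """Transfer function for the statements that are neither calls nor sinks."""
    op = st[0]
    if op == "source":
        tainted.add(st[1])
    elif op == "sanitize":
        tainted.discard(st[1])
    elif op == "assign":
        if st[2] in tainted:
            tainted.add(st[1])
        else:
            tainted.discard(st[1])


def analyze_insensitive(prog: Program) -> List[str]:
    """One summary per function: parameter taint is the OR over all call sites,
    computed to a fixpoint. A tainted sink is then reported for every caller,
    which is exactly where the false path comes from."""
    param_taint = {fn: {p: False for p in prog[fn][0]} for fn in prog}
    callers: Dict[str, Set[str]] = {fn: set() for fn in prog}
    changed = True
    while changed:                              # fixpoint over the call graph
        changed = False
        for fn, (params, body) in prog.items():
            tainted = {p for p, t in param_taint[fn].items() if t}
            for st in body:
                if st[0] == "call":
                    callee, args = st[1], st[2]
                    callers[callee].add(fn)
                    for p, a in zip(prog[callee][0], args):
                        if a in tainted and not param_taint[callee][p]:
                            param_taint[callee][p] = True
                            changed = True
                else:
                    step(tainted, st)
    report: List[str] = []
    for fn, (params, body) in prog.items():
        tainted = {p for p, t in param_taint[fn].items() if t}
        for st in body:
            if st[0] == "sink" and st[1] in tainted:
                for c in sorted(callers[fn]) or [""]:
                    report.append(f"{c}->{fn}:{st[1]}" if c else f"{fn}:{st[1]}")
            elif st[0] != "call":
                step(tainted, st)
    return sorted(report)


def analyze_sensitive(prog: Program, max_depth: int = 8) -> List[str]:
    """Re-analyze each callee at every call site with that site's argument
    taint, so copy(m) and copy(x) are distinguished. The depth bound keeps
    recursive programs from looping forever."""
    report: List[str] = []

    def visit(fn: str, arg_taint: Tuple[bool, ...], ctx: Tuple[str, ...]) -> None:
        params, body = prog[fn]
        tainted = {p for p, t in zip(params, arg_taint) if t}
        ctx = ctx + (fn,)
        for st in body:
            if st[0] == "call":
                if len(ctx) < max_depth:
                    visit(st[1], tuple(a in tainted for a in st[2]), ctx)
            elif st[0] == "sink":
                if st[1] in tainted:
                    report.append("->".join(ctx) + ":" + st[1])
            else:
                step(tainted, st)

    for root in prog:                           # every function may be an entry point
        visit(root, (), ())
    return sorted(report)


if __name__ == "__main__":
    print("context-insensitive:", analyze_insensitive(PROGRAM))  # two paths, one false
    print("context-sensitive:  ", analyze_sensitive(PROGRAM))    # only helper->copy
```

The price of the precision is visible in the code: the sensitive analysis revisits copy() once per call chain, which is why real tools cap depth or fall back to summaries, and why field and path sensitivity on millions of lines take the "cleverness" the text mentions.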