
[WEB SECURITY] Looking for feedback from companies that use static analysis security tools




Hello,

I’m a software architect in my company (~50 developers). Right now, we only use blackbox scanning, and penetration testing at the end of the development process (either during QA or after the apps are launched). We’re looking to enhance our security process, by performing static analysis during development, and I wanted to hear other people’s opinion on this.

It seems to me that current static analysis security tools (Fortify, Ounce) are geared towards security testers, and not developers. For example, the plug-in that is usually provided, does not have the look & feel of standard IDEs – usually you have to scan your entire code base, after every code modification, which can take a long time, and frustrate developers.

Are there any people on the list, with experience in integrating static analysis tools for developers(!) and not for security testers? I would love to hear your feedback and/or recommendations. Do all of your developers use it, or maybe only team leaders have it installed?

I appreciate your input.
D.L.



Brought to you by http://www.webappsec.org