Wow - I am elated with all the responses to my last post! So many of you directly emailed me, called, Twitter'd to talk this issue over. Actually - perhaps the closest to figuring out where I was going with this whole idea was Chris A., who emailed me a response and I think he is thinking the same...
Hybrid Analysis - The Answer to Static Code Analysis Shortcomings

Given my previous article and the buzz it generated (both for and against the ideas I set forth)... I needed to hurry up and write the follow-on article for "Static Code Analysis Failures". I've had so many conversations...
Static code analysis failures are costing enterprises money and reputation. White-box security testing is inherently a flawed proposition for many reasons - but it all comes down to a very simple concept: Machines do not execute source code, they execute machine code (compiled code). --Paul Anderson ...