Hybrid Analysis - The Answer to Static Code Analysis Shortcomings
Given my previous article and the buzz it generated (both for and against the ideas I set forth)... I needed to hurry up and write the follow-on article for "Static Code Analysis Failures". I've had so many conversations...
Static code analysis failures are costing enterprises money and reputation. White-box security testing is inherently a flawed proposition for many reasons - but it all comes down to a very simple concept: Machines do not execute source code; they execute machine code (compiled code). --Paul Anderson ...
For those of you who keep up with the PCI DSS standard, the council today has issued an update titled: Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified. The standard item 6.6 has been further clarified in one of two options, as before, being either Application...
It's one of those obvious things. A defect is a defect, right? Whether the airbag is faulty, or the gas cap doesn't hold pressure... a defect is a defect. The strange thing is - it hasn't been that way, and still isn't that way, in most of the IT shops I've been in. Why? The reason...