Secure Development with Static Analysis

Presented at REcon 2006, June 17, 2006, 9:30 a.m. (60 minutes)

Static source code analysis has evolved rapidly in the past few years into a powerful development aid. However, many developers' perceptions of static analysis are incorrect. Analysis techniques are more advanced than many people realize, but they are also not the magic bullet many hope for. Successful use and integration of static analysis requires understanding its possibilities and limits. This talk is primarily targeted at security-conscious software developers and consultants. It is intended to be vendor-neutral and will cover commercial and academic (including free/open source) tools.


  • Ted Unangst
    Ted Unangst has been working on and with static analysis tools since 2001, when he started working with Stanford's Metacompilation group, and is presently a software engineer at Coverity, makers of advanced source code analysis solutions. He is also an OpenBSD developer.

