Ed Tice is a sales engineer at Synopsys. While he's a bit of a jack of all trades, his primary areas of expertise involve helping customers understand the mechanics of running static analysis, dynamic analysis, fuzzing, and test prioritization security tools.
How do static analyzers manage code dependencies? There are many ways, but the best static analyzers take a hybrid approach to dependency analysis.
Posted in Developer Enablement, Static Analysis (SAST) | Comments Off on Why dependencies matter for SAST
A very common type of injection defect is cross-site scripting (also known as XSS or HTML injection). Many developers struggle with remediation of XSS because of a misunderstanding of the difference between validation, sanitization, and normalization/canonicalization. Lately, even some security vendors have started suggesting “fixing” injection defects close to the source rather than close to […]
Posted in Security Standards and Compliance | Comments Off on Remediating XSS: Does a single fix work?
“I lost my keys. How long will it take to find them?” This is a laughable question, but it’s analogous to “How long will it take to debug this?” Developers scoff at this question as if it were an unreasonable demand, just as inexperienced project managers are shocked that a simple answer isn’t forthcoming. But […]
Posted in Static Analysis (SAST) | Comments Off on How is static analysis a productivity tool for engineering teams?
Get the latest Software Integrity news, thought leadership, and more.
