Thoughts on Code Scanning Tools
I was in the process of writing a blog on my thoughts about Code Scanning Tools to find security vulnerabilites in source code. As I mention many times before there are no silver bullet in the IT industry and surely there are no silver bullets in Security. If there was a silver bullet then why do we hear about different security vulnerabilites being found on a daily basis in software by all vendors. Maybe, because many people see quick fixes and simple solutions as the easy route to getting an application out the door and start believing it is the silver bullet. Uhmm, I wonder if that is why some birds stick their head in the sand as well.
I guess I can save alot of typing as Michael Howard summed up his thoughts on the abuse of Code Scanning tools very well in one of his recent blogs.