Examples: static analysis tools that search the source code for possible buffer overflows, dynamic analysis tools that help identify buffer overflows during program execution for testing
Pros:
• Static analysis tools can be very useful for code inspection
• Dynamic analysis tools can help you catch errors during testing that you might not have caught otherwise
Cons:
• Static analysis tools produce many false positives and only look for certain kinds of buffer overflows, such as unsafe library function calls
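The static analysis limitation above, shown as an added example (not from the original slides): a deliberately naive scanner that flags only a fixed list of library calls, run over two constructed C snippets. The name count_unsafe_calls, the call list and both samples are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Library calls a pattern-based scanner typically treats as unsafe (assumed list). */
static const char *UNSAFE_CALLS[] = { "strcpy", "strcat", "sprintf", "gets" };

/* Constructed sample 1: strcpy guarded by a length check, so it cannot overflow. */
static const char SAMPLE_GUARDED[] =
    "void f(const char *s) {\n"
    "    char buf[16];\n"
    "    if (strlen(s) < sizeof buf)\n"
    "        strcpy(buf, s);\n"
    "}\n";

/* Constructed sample 2: hand-written copy loop with no bounds check. */
static const char SAMPLE_LOOP[] =
    "void g(const char *s) {\n"
    "    char buf[16];\n"
    "    int i = 0;\n"
    "    while (s[i]) { buf[i] = s[i]; i++; }\n"
    "}\n";

/* Count calls to listed functions: the name must be a whole identifier
   immediately followed by '(' (so fgets and snprintf are not flagged). */
int count_unsafe_calls(const char *src)
{
    int hits = 0;
    for (size_t k = 0; k < sizeof UNSAFE_CALLS / sizeof *UNSAFE_CALLS; k++) {
        size_t n = strlen(UNSAFE_CALLS[k]);
        for (const char *p = src; (p = strstr(p, UNSAFE_CALLS[k])) != NULL; p += n) {
            int ident_before = p > src &&
                (isalnum((unsigned char)p[-1]) || p[-1] == '_');
            if (!ident_before && p[n] == '(')
                hits++;
        }
    }
    return hits;
}

int main(void)
{
    printf("guarded strcpy: %d finding(s)\n", count_unsafe_calls(SAMPLE_GUARDED));
    printf("unchecked loop: %d finding(s)\n", count_unsafe_calls(SAMPLE_LOOP));
    return 0;
}
```

The guarded strcpy is reported although it cannot overflow (a false positive), while the unchecked loop, which writes past buf for inputs longer than the buffer, is not reported at all.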