>Security static analysis on the other hand is pretty overrated most of the time unless you work really hard to make it fit in your context.
I think the "unless" part is key here. If used correctly, it's crazy what these tools can find, and they give you a baseline of issues to analyze/fix before digging deeper.
But yes, running them blindly just to tick a box isn't very helpful.
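As an added illustration of the "baseline of issues" idea from the comment above (not code from the commenter or from any real tool), here is a toy Python AST checker: it flags a couple of risky call patterns, fingerprints each finding so a baseline survives line shifts, and then reports only findings that are new relative to that baseline. The rules, fingerprinting scheme and sample source are all constructed for this example.

```python
"""Toy security static analyzer with a baseline file concept.

Constructed for illustration only: the rules below are narrow on purpose so a
team can tune them to its own codebase rather than run a generic scan blindly.
"""
from __future__ import annotations

import ast
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str
    fingerprint: str  # stable id, so the baseline is not tied to line numbers


def _fingerprint(rule: str, snippet: str) -> str:
    # Hash the rule id plus the offending source text; moving the line does not
    # change it, editing the call does.
    return hashlib.sha256(f"{rule}:{snippet}".encode()).hexdigest()[:12]


def _call_name(node: ast.Call) -> str:
    """Return a dotted name such as 'subprocess.run' for a Call node, or ''."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    parts: list[str] = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


def scan(source: str) -> list[Finding]:
    """Walk the AST and collect findings for the two toy rules."""
    tree = ast.parse(source)
    findings: list[Finding] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        snippet = ast.get_source_segment(source, node) or name
        if name == "eval":
            findings.append(Finding("PY-EVAL", node.lineno,
                                    "eval() on possibly untrusted data",
                                    _fingerprint("PY-EVAL", snippet)))
        elif name in ("subprocess.run", "subprocess.call", "subprocess.Popen"):
            # Only flag an explicit literal shell=True keyword argument.
            shell_true = any(
                kw.arg == "shell"
                and isinstance(kw.value, ast.Constant)
                and kw.value.value is True
                for kw in node.keywords
            )
            if shell_true:
                findings.append(Finding("PY-SHELL", node.lineno,
                                        "subprocess call with shell=True",
                                        _fingerprint("PY-SHELL", snippet)))
    return findings


def new_findings(findings: list[Finding], baseline: set[str]) -> list[Finding]:
    """Keep only findings whose fingerprint is not already accepted."""
    return [f for f in findings if f.fingerprint not in baseline]


# Constructed sample module with two pre-existing issues.
SAMPLE = '''
import subprocess

def run(cmd):
    subprocess.run(cmd, shell=True)

def calc(expr):
    return eval(expr)
'''

# The same module after someone adds one more eval() call.
SAMPLE_LATER = SAMPLE + "\nresult = eval(input())\n"


def demo() -> list[Finding]:
    """Record today's findings as the baseline, then scan the later version."""
    baseline = {f.fingerprint for f in scan(SAMPLE)}
    return new_findings(scan(SAMPLE_LATER), baseline)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.rule} line {f.line}: {f.message}")
```

The point of the baseline is the workflow the comment describes: accept the existing backlog once, analyze and fix it on its own schedule, and keep the pipeline gate focused on what each change introduces. Fingerprinting on source text rather than line number is what keeps that gate from re-firing on every unrelated refactor.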