Smart organizations in the business of building software know they need a mix of application testing tools to help ensure the code they produce is high-quality and secure.
Many have already taken the steps to secure the code their developers write with a static application security testing (SAST) tool such as Coverity®.
SAST is critical for uncovering and eliminating issues in proprietary code early in the software development life cycle (SDLC) by scanning code for flaws while that code is in a nonrunning (i.e. static) state.
However, what about the code in your applications that your developers didn't write?