Since its introduction, static source code analysis has had a mixed reputation with development teams due to long analysis times, excessive noise or an unacceptable rate of false-positive results. Excessive false-positive results are the main reason why many source code analysis products quickly become shelfware after a few uses. Despite early shortcomings, the promise of static analysis remained of interest to developers because the technology offers the ability to find bugs before software is run, improving code quality and dramatically accelerating the availability of new applications. Though static analysis has historically struggled to deliver on this promise, a groundbreaking new use of Boolean satisfiability (SAT) in the field is poised to help static analysis deliver on its potential.

This white paper will provide a brief overview of the history of static analysis and explain how the use of SATin static analysis is enabling developers to improve the quality and Security of their code by identifying a greater number of critical defects in their code with the lowest rate of false-positive results in the industry.