Static analysis has a broad set of capabilities to offer the .NET world. It can enforce pattern-based rules, whether they're based on proven standards or custom patterns that help you identify application-specific defects. Nevertheless, some defects cannot be detected by this analysis technique. The flow analysis feature of dotTEST does exactly that.
Building security into software applications from the initial phases of development process is critical. Static code analysis gives developers the ability to review their code without actually executing it to uncover potential security vulnerabilities. InfoQ spoke with Brian Chess about static analysis and how it compares with other security assessment techniques like penetration testing.