In complex software development, the number of developer errors usually increases with the growth of the code base. These errors can be sufficiently dangerous: besides causing improper or undesirable operation, they can lead to serious security vulnerabilities. By exploiting them, malicious attackers can take control over the software in some ways to run it according to their goals, or at least differently than originally intended.
Static source code analysis is a widely used, generally approved software testing approach. Its goal is to discover as many human errors as possible, as early as possible — meaning during development, without compiling and running the code —, in order to reduce the number of software failures in production, and to minimize the extra costs of fixing bugs after deployment. Possible applications of static analysis include verifying whether the code complies with enterprise coding standards and styles, but more and more analysis toolsets provide ways to detect more complex logical errors during compilation time, or even development time.