Ask HN: Would you pay for static analysis as a service? - ZephyrP

Presumably for automated security review of dynamic languages with complex component interactions (Rails/Ruby and Django/Python of course come to mind). The tech kicker on this is twofold. Firstly, there isn't any widely used, commercially supported static analysis software for dynamic languages that employs SAT solvers to derive runtime code execution paths (which is really unfortunate!). Secondly, you could use RBM generative models; while the approach characteristically suffers from overfitting, gathering knowledge of the partition function of the security of a particular piece of software code is trivial, and isolating problematic components is a well-explored field.

Thanks for your thoughts!
======
traxtech
I do not believe in "automated security review". It gives a false sense of
what security is.