The SATEC project provides a comprehensive set of evaluation criteria for organizations and professionals who are looking to automate part of their application security assurance program by procuring one or more static code analysis technologies. The criteria defined in SATEC were considered and selected using a “consensus-driven review”, conducted as a voluntary process with participation from various subject matter experts.
SATEC focuses on the most important aspects of static code analysis and steers away from rating or evaluating any vendor. Using the criteria, organizations and security professionals can identify the technology best suited to their development environment and requirements.
Experts from world-leading organizations such as HP Fortify, Parasoft, Northsec, Veracode, HP, IBM and others have helped build the set of criteria.