The Owasp Orizon Framework
A lot of open source projects exist in the wild performing static code review analysis. This is good, it means that source code testing for security issues is becoming a constraint.
Such tools bring a lot of valuable points:
- community support
- source code freely available to anyone
On the other side, these tools don't share the most valuable point among them: the security knowledge. All these tools have their own security library with a lot of checks contained into without sharing such knowledge.
In 2006 Owasp Orizon project is born to provide a common underlying layer to all opensource projects concern static analysis.