Why don’t developers have a ‘spellchecker’ for security?

November 2, 2016

Eliminating these basic vulnerabilities would go a long way towards making software more secure. And the earlier in the process they’re caught, the easier they are to fix. Today’s integrated development environments can already catch common syntax errors, like missing semicolons, said Ron Arden, COO at security vendor Fasoo.

“If there’s a function you’re using, it shows the parameters,” he added. “But it won’t tell you if there’s a SQL injection or cross-site scripting or something stupid like that.”

