The product contains dead code, which can never be executed.
Dead code is code that can never be executed in a running program: the surrounding code makes it impossible for control flow to ever reach that section.
Remove dead code before deploying the application.
Use a static analysis tool to spot dead code.
Dead code is an indication of problems with the source code that need to be fixed, and is an indication of poor quality.
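The following is an added illustration, not code from the CWE entry, of the kind of check a static analysis tool performs to spot dead code. It walks Python's own ast for two patterns named above: statements that follow an unconditional exit (return/raise/break/continue, including an if/else where both branches exit) and blocks guarded by a condition that is constantly false. The function names in the constructed sample source (check_permission, parse, legacy, log, cleanup, old_behaviour) are hypothetical.

```python
"""Minimal unreachable-code detector built on Python's ast module.

Added example: demonstrates what a static analysis tool looks for when it
flags dead code. The sample source below is constructed for this example.
"""
import ast

# Statements after which nothing in the same block can run.
TERMINATORS = (ast.Return, ast.Raise, ast.Break, ast.Continue)

REASON_AFTER_EXIT = "statement follows return/raise/break/continue"
REASON_FALSE_GUARD = "body guarded by constant-false condition"


def _is_constant_false(test):
    """True for a literal condition that is always falsy (False, 0, None, "")."""
    return isinstance(test, ast.Constant) and not test.value


def block_terminates(stmts):
    """True if control can never fall out of the end of this statement list.

    A bare terminator ends the block; so does an if/else whose two branches
    both terminate (the surrounding code makes what follows unreachable).
    """
    for stmt in stmts:
        if isinstance(stmt, TERMINATORS):
            return True
        if (isinstance(stmt, ast.If) and stmt.orelse
                and block_terminates(stmt.body)
                and block_terminates(stmt.orelse)):
            return True
    return False


def find_dead_code(source):
    """Return a sorted list of (line, reason) for statements that can never run."""
    findings = set()
    tree = ast.parse(source)

    def scan_block(stmts):
        terminated = False
        for stmt in stmts:
            if terminated:
                findings.add((stmt.lineno, REASON_AFTER_EXIT))
            if block_terminates([stmt]):
                terminated = True
            # `if False:` / `while 0:` bodies can never execute.
            if isinstance(stmt, (ast.If, ast.While)) and _is_constant_false(stmt.test):
                for inner in stmt.body:
                    findings.add((inner.lineno, REASON_FALSE_GUARD))
            # Recurse into nested statement lists (function bodies, loops, if/else, try).
            for field in ("body", "orelse", "finalbody"):
                children = getattr(stmt, field, None)
                if isinstance(children, list) and children and isinstance(children[0], ast.stmt):
                    scan_block(children)
            if isinstance(stmt, ast.Try):
                for handler in stmt.handlers:
                    scan_block(handler.body)

    scan_block(tree.body)
    return sorted(findings)


# Constructed sample: line 6, line 10 and line 14 are dead.
SAMPLE = '''\
def check_permission(user):
    if user.is_admin:
        return True
    else:
        return False
    log("both branches returned, so this never runs")

def parse(data):
    return data.strip()
    cleanup(data)

def legacy():
    if False:
        old_behaviour()
    return 1
'''

if __name__ == "__main__":
    for line, reason in find_dead_code(SAMPLE):
        print(f"line {line}: {reason}")
```

Real tools add reachability analysis across calls and modules; this example only covers intra-block control flow, which is enough to show why the code after the if/else in check_permission counts as dead even though no single statement there is obviously unreachable.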
According to SOAR [REF-1479], the following detection techniques may be useful:

  Highly cost effective:
    Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
    Formal Methods / Correct-By-Construction
  Cost effective for partial coverage:
    Attack Modeling
  Effectiveness: High

  Highly cost effective:
    Binary / Bytecode Quality Analysis
    Compare binary / bytecode to application permission manifest
  Effectiveness: High

  Cost effective for partial coverage:
    Automated Monitored Execution
  Effectiveness: SOAR Partial

  Cost effective for partial coverage:
    Permission Manifest Analysis
  Effectiveness: SOAR Partial

  Highly cost effective:
    Source Code Quality Analyzer
  Cost effective for partial coverage:
    Warning Flags
    Source Code Weakness Analyzer
    Context-configured Source Code Weakness Analyzer
  Effectiveness: High

  Cost effective for partial coverage:
    Web Application Scanner
    Web Services Scanner
    Database Scanners
  Effectiveness: SOAR Partial

  Highly cost effective:
    Manual Source Code Review (not inspections)
  Cost effective for partial coverage:
    Focused Manual Spotcheck - Focused manual analysis of source
  Effectiveness: High