Source: https://www.giac.org/paper/gsec/2283/secure-software-development-code-analysis-tools/103987