This raises questions about the efficacy of SAST for organizations focused on immediate benefits. Traditional SAST products do not use the actual executable/binary for analysis; they typically use a representation of your program. This technique, no matter how good the analysis, will always result in many False Positives (FPs). It will also find defects in paths that the program would never actually implement in a live system.

...