“…SATs can work without needing to run the code itself so they can be integrated into IDEs or even work off of websites which makes it easier for developers to find and fix defects earlier in the development process rather than waiting till the test and production stages. SATs are recommended as the first line of defence against vulnerabilities [102], and developers have previously acknowledged their usefulness in finding security vulnerabilities [97]. Various academic researchers recommend developers use SATs [45,58,86,101,102], and they are also used by large technology companies such as Microsoft [22,91], Facebook [31], and Google [5,7,82,83], as well as in open-source projects such as Linux, Firefox, and Qt [14,48,99,105].…”