The past handful of years I’ve been really interested in static analysis but not from the traditional appsec program perspective of shifting left and catching bugs before they get merged. Instead I use it for code exploration, vulnerability discovery, and variant analysis. I want to share a bit about how I use these tools because truthfully, I think it helps to get more value out of them and selfishly, I want the vendors to invest more into supporting these use cases.