By reviewing your source code, making adjustments to secure the business logic, and input verification of your software we reduce the risk of compromise. This is done by both experts reading the code and also doing penetration testing on a staged/sandbox environment that is a clone of your platform.
The sophistication of the analysis performed by tools varies from code to code, that only consider the behavior of individual statements and declarations, to those that include the complete source code of a program in their analysis. The uses of the information obtained from the analysis vary from highlighting possible coding errors (e.g., the lint tool) to formal methods that mathematically prove properties about a given program (e.g., its behavior matches that of its specification).
Software metrics and reverse engineering is also done in certain cases where the source code is encrypted or obfuscated.