Evidence has emerged that compilation-based code analysis tools negatively impact risk mitigation efforts. As Gartner analyst Neil MacDonald observed: “We’ve talked with a number of clients that purchased a [static analysis] tool which later becomes expensive 'shelfware' or where the project was halted after delivering mixed results.” Mr. MacDonald correctly singles out poor security process as an obstacle—but there are serious technical factors that contribute to the “shelfware” problem. A key, overlooked bottleneck comes from the compiler based approach. Getting the code into a state where it can be compiled and linked is not an easy task. How does the need for compilation negatively impact the stakeholders who rely on code analysis?