关键词：电子信息；信息安全；网络安全；网格设施；静态控制
摘 要：IT security, even if once achieved, is not a permanent state but rather a process. One of the main factors that impact this process is the ability to identify security vulnerabilities in the software. Disclosing such a flaw is usually followed by issuing a patch. However, for main-tainers of a heterogeneous and compound environment, being up to date with all necessary fixes, may be an unexpectedly difficult task. Developing custom software in a grid project introduces another dimension to this problem. The SARA system for static security control has been developed to help the administrators with that issue.