Security Basics mailing list archives
Source code auditing tools capabilities and evaluation
From: Source Auditor <source.audit () gmail com>
Date: Fri, 25 Feb 2005 14:25:22 -0500
Hello List.

Recently we started getting exposed to security vulnerabilities like buffer overflows in our code and scrambled to fix them. However, now we want to proactively look into such issues before/during the releases. We started investigating the tools of some vendors like Ounce Labs, Klocwork, Fortify, Parasoft and Secure Software. We need these tools for automated builds, security vulnerability scanning, etc.

I have seen some threads in the past on these lists about such queries, but would like detailed comments from the end users of such tools on:

- how these tools are in terms of capabilities (strengths, limitations, ...)
- language support (C, C++, Java) and platform support (Windows, Unix, Linux)

Any other vendors who have such tools (note: not interested in vendors providing such services)?

At the same time, we are also interested in improving the development process (SDLC) and trying to identify the possible improvements. Does anyone know of such books, or can anyone give pointers on what things can be considered here?

Thanks in advance,
Source auditor
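As an added illustration of the defect class the poster is scanning for (not code from the original post or from any of the vendors named), the following C example places an unbounded copy beside a bounded version that reports when input would not fit. The buffer size and function names are assumptions chosen for the example; this is the kind of pattern that compiler warnings and source-auditing tools are expected to flag in an automated build.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: fixed-size destination buffer (size is an assumption). */
#define NAME_LEN 16

/* Unsafe pattern: copies the source without regard to the destination size.
 * If strlen(src) >= NAME_LEN the terminator is written past the end of dst,
 * which is the buffer overflow class described in the post. Static analysis
 * tools typically report strcpy() into a fixed-size buffer for exactly this reason. */
void copy_name_unsafe(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Hardened version: the caller passes the real destination size, the copy is
 * bounded, and oversized input is reported instead of silently truncated.
 * Returns 0 on success and -1 if src does not fit (dst is left as an empty string). */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0 || src == NULL) {
        return -1;
    }
    size_t n = strlen(src);
    if (n >= dst_size) {          /* no room for the data plus terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);      /* n + 1 copies the terminating NUL as well */
    return 0;
}

/* Stand-alone demonstration on constructed inputs. */
int main(void)
{
    char name[NAME_LEN];
    const char *inputs[] = { "alice", "this-name-is-far-too-long-for-the-buffer" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = copy_bounded(name, sizeof name, inputs[i]);
        printf("input \"%s\": rc=%d, stored \"%s\"\n", inputs[i], rc, name);
    }
    return 0;
}
```

The point of passing `sizeof name` explicitly is that the bound travels with the buffer, so a reviewer or tool can check the call site without guessing at the destination's size; `copy_name_unsafe` is kept only to show the contrast and is never invoked here with oversized input.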