Re: Today's thought

[Dave Aitel <dave () immunitysec com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Eagle wrote:

| Halvar et al wrote:
|
|> Hey all,
|>
|>> There are a lot of companies getting funding right now that do
|>> source code analysis, varying from fancy regexp matching on
|>> gcc's preprocessor output to real AST generation and
|>> inspection. No interfunction value tracking (similar to code
|>> coverage in that people underestimate its' usefulness in these
|>> scenarios) yet, as far as I know, though.
|>
|> IIRC Coverity has interfunction value tracking -- if you hook at
|> the AST layer in GCC, it should not be _that_ hard to pull off,
|> and I am quite surprised that @stake's product doesn't seem to do
|> it (as far as I can infer from the examples they showed). Ahwell,
|>  there's going to be v2 soon I assume.
|>
|
| Dave failed to mention that he was quoted in this article:
|
|
http://news.com.com/Will+code+check+tools+yield+worm-proof+software%3F/2100-
|  1002_3-5220488.html?tag=nefd.lede
|
| Coverity and @stake cited as well.
|
| Chris

I didn't see this until after I posted the other thing. :> I'd really
like each of those vendors to run their checkers over CVS and see what
they find.

I know @stake is on this list. Any chance of a screenshot or the cvs
report?

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAtesfzOrqAtg8JS8RAhvjAJ42sgCxBEICBCii3chmlBV5vJcQ7QCdEF/v
UcXvChwNgyxO2i5jYlIv4xs=
=ld0B
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave