Re: auditing

[ljknews <ljknews () mac com>]

At 5:53 PM -0500 4/30/04, jnf wrote:

hi, simple question that is not very technicla in itself- when auditing 
> software, I often find it had to stay focused and follow the code so to 
> speak, especially when jumping across X source files and Y functions 
> inside of each source file, I was just curious how others cope with such 
> things? I've just been using vi/text editors to go through it all and I 
> don't really expect there is a solve all answer, but any hints help.
> thoughts?

An external tool like SCA will let you know all the calling sites
that invoke a particular function or procedure.  That seems critical
when evaluating relationships, especially in a more weakly typed
language like C*.