Secure Coding mailing list archives
Question on Static Analysis
From: James.McGovern at thehartford.com (McGovern, James F. (eBusiness))
Date: Fri, 20 Nov 2009 09:34:26 -0500
Noodling the value proposition of static analysis and wonder if vendors in this space are doing the right thing. For example, Gary McGraw was one of the first to point out insecure APIs within Java such as readLine not having a parameter to indicate max read. Is there merit in vendors figuring out how to perform same function within commercial products? For example, there are insecure APIs in IBM MQ/Series, Struts, Spring, etc. Is there merit in collecting this type of information as a new OWASP project?
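The readLine concern raised in the message above, shown as an added example that is not part of the original post: a line reader that takes the maximum-length parameter `BufferedReader.readLine()` lacks and rejects oversized lines instead of buffering them. The class name `BoundedLineReader`, the 64-character limit and the sample input are assumptions made for illustration; `String.repeat` needs Java 11 or later.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;

public class BoundedLineReader {

    // Reads one line while buffering at most maxChars characters.
    // Returns null at end of stream; accepts \n, \r and \r\n terminators.
    // Throws IOException as soon as the limit is exceeded, so an unterminated
    // or oversized line cannot grow the buffer without bound.
    public static String readLine(BufferedReader in, int maxChars) throws IOException {
        StringBuilder sb = new StringBuilder(Math.min(maxChars, 256));
        int c;
        while ((c = in.read()) != -1) {
            if (c == '\n') {
                return sb.toString();
            }
            if (c == '\r') {
                // Consume the '\n' of a "\r\n" pair; otherwise put the char back.
                in.mark(1);
                if (in.read() != '\n') {
                    in.reset();
                }
                return sb.toString();
            }
            if (sb.length() >= maxChars) {
                throw new IOException("line exceeds " + maxChars + " characters");
            }
            sb.append((char) c);
        }
        // End of stream: return a final unterminated line, or null if none.
        return sb.length() == 0 ? null : sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: one short line, then one oversized line.
        String sample = "HELO example\r\n" + "A".repeat(10_000) + "\n";
        BufferedReader in = new BufferedReader(new StringReader(sample));
        System.out.println("accepted: " + readLine(in, 64));
        try {
            readLine(in, 64);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```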