Full Disclosure mailing list archives
Coverity
From: Michael Williamson <mwilliamson () falcon tamucc edu>
Date: Tue, 14 Mar 2006 09:57:57 -0600
I'm sorry, but relying on some statistical analysis tool to "certify code" is utter bullshit. Sure, this thing is useful in finding bonehead mistakes and certainly is a worthy tool, but code that passes cannot be considered defect free. This leads to a serious false sense of security...and a sense of security Coverity is happy to take your money to give you. I really suspect that path-following statistical analysis tools are generally worthless in finding logic errors, and logic errors lead to security problems just as overflows/underruns/pointer mishaps do. I'm not saying Coverity is snake oil; on the contrary, it's a useful tool, but users of it shouldn't make it into more than it is.
-- 
Michael Williamson <mwilliamson () falcon tamucc edu>
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
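To illustrate the distinction the post draws between "bonehead mistakes" and logic errors, here is an added example, written for this archive page and not part of Williamson's message or of any Coverity material. The function names, the "root" privileged account and the constructed usernames are all assumptions for the demonstration. Both versions of the check are memory-safe: no buffer is overrun, no pointer is misused, every library call is used within its contract. A checker that follows paths looking for memory or API misuse has nothing to report on either, yet the first version grants privilege to any name that merely starts with "root".

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Name of the only account that should be treated as privileged.
 * Assumption for this example. */
#define PRIV_USER "root"

/* Buggy check: compares only the first strlen(PRIV_USER) characters, so
 * "rootkit" and "root2" are accepted as well as "root". Memory-safe and a
 * perfectly legal use of strncmp, so nothing here looks like a defect to a
 * bounds or pointer-misuse analyzer. It is purely a logic error. */
bool is_privileged_buggy(const char *user)
{
    return strncmp(user, PRIV_USER, strlen(PRIV_USER)) == 0;
}

/* Corrected check: the whole string must match, terminator included. */
bool is_privileged_fixed(const char *user)
{
    return strcmp(user, PRIV_USER) == 0;
}

/* Runs both checks over a constructed list of usernames and returns how
 * many names the buggy check accepts that the fixed one rejects. */
int count_false_grants(const char *const *users, size_t n)
{
    int false_grants = 0;
    for (size_t i = 0; i < n; i++) {
        bool buggy = is_privileged_buggy(users[i]);
        bool fixed = is_privileged_fixed(users[i]);
        if (buggy && !fixed)
            false_grants++;
    }
    return false_grants;
}

int main(void)
{
    /* Constructed sample input for the demonstration. */
    static const char *const users[] = {
        "root", "rootkit", "root2", "roo", "alice", "ROOT"
    };
    size_t n = sizeof users / sizeof users[0];

    for (size_t i = 0; i < n; i++) {
        printf("%-8s buggy=%d fixed=%d\n", users[i],
               is_privileged_buggy(users[i]),
               is_privileged_fixed(users[i]));
    }
    printf("false grants by buggy check: %d\n",
           count_false_grants(users, n));
    return 0;
}
```

The point is not that the fix is hard; it is that the property violated (only the exact account "root" may be privileged) lives in the program's intent, not in the language's rules, so an analyzer that has no model of that intent cannot tell the two versions apart.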
Current thread:
- Coverity Michael Williamson (Mar 14)
- Re: Coverity Jeff Kell (Mar 14)